Retaining local administrator groups when using restricted groups.
- From: "Shayne D. Swann" <a-sswann@xxxxxxxxxxxxx>
- Date: Tue, 19 Apr 2005 19:39:15 -0400
This kinda defeats the purpose of restricted groups but my company is
currently redesigning their group policy infrastructure and have decided to
used restricted groups.
Currently their are quite a few users who are members of the local
administrators group of their assigned workstation because of business
requirements.
Goal:
To implement the use of restricted groups while allowing the current local
administrators of a system to remain local administrators.
We have thought of a few work arounds but here are some of the problems we
are facing:
1. Gather all of the members that will need local administrator rights on
their workstations to a domain local group and adding that group to the
restricted group we place on the workstations.
The problem with this is we dont want to grant all users in this group local
admin rights to all of the computers.
2. Use computer login scripts to add the specfied domain groups to the local
administrators group with out using restricted groups.
The problem with this is their is no group policy refresh, and these groups
(if a local administrator removes them) will only apply at computer logon.
Is their any known "happy medium" for meeting this requirement?
.
- Follow-Ups:
- Re: Retaining local administrator groups when using restricted groups.
- From: Simon Geary
- Re: Retaining local administrator groups when using restricted groups.
- Prev by Date: Re: You do not have permission to change your password
- Next by Date: Programs in Terminal services
- Previous by thread: Deleted Group Policy still being applied to clients
- Next by thread: Re: Retaining local administrator groups when using restricted groups.
- Index(es):
Relevant Pages
|
