Re: local security group into local Administrator group
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/07/04
- Previous message: Eric Chamberlain, CISSP: "Re: local security group into local Administrator group"
- In reply to: jeff: "Re: local security group into local Administrator group"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 6 Jul 2004 19:45:04 -0700
Without third-party extensions you can only place
machines within the scope of a GPO that delivers
a Restricted Group definition for a machine local
group if all of those in scope machines are to have
identical membership in the group that is restricted.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "jeff" <jeffreyunderscorehicks@lycos.com> wrote in message news:26b9c01c4636c$183c4f80$a601280a@phx.gbl... > thanks Roger. > I later noticed when adding members to the local > Administrators group that machine local groups are not > available for addition. > > Is there a way to add machine local groups to the local > Administrators group? > Is there a better way to get some flexibility of > Administrators on a case by case basis while still using > Restricted Groups via GP? > > > >-----Original Message----- > >Evidently some code has a bug as it is not permitted for > >machine local groups to nest within other machine local > >groups. > > > >-- > >Roger Abell > >Microsoft MVP (Windows Server System: Security) > >MCSE (W2k3,W2k,Nt4) MCDBA > >"Jeff Hicks" <jeffrey_hicks@lycos.com> wrote in message > >news:80dc4163.0407021420.d01daaa@posting.google.com... > >> Would like to use Restricted Groups to standardize the > local > >> Administrator group as much as possible. However, on > SOME PCs I have > >> to have non-standard domain users with Administrative > privileges. > >> > >> I THOUGHT I could get around the "wipe and replace" > behavior of > >> Restricted Groups by having it add a local security > group to the local > >> Administrators group (add the local group but not > specify the > >> members). It LOOKS like it is working. The local group > is in the list > >> of Administrators in the GUI and in "net localgroup > Administrators" > >> however the domain users contained in the local group > cannot perform > >> administrative functions. > >> > >> What am I missing? > >> Is there a better way to get some flexibility of > Administrators on a > >> case by case basis? > > > > > >. > >
- Previous message: Eric Chamberlain, CISSP: "Re: local security group into local Administrator group"
- In reply to: jeff: "Re: local security group into local Administrator group"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
