Re: restricted groups for local admin rights
- From: "Sher" <Sher@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 24 Aug 2005 07:15:06 -0700
Steven,
If I want to add one domain user to one computer's local administrators
group, is this the same process I would use, or can I just add that domain
user to the local administrators group on that computer? When you add the
domain user to the local administrators group the message says:
administrators have complete and unrestricted access to the computer/domain.
Does this mean the user is now a domain administrator also?
Thanks again,
Sher
"Steven L Umbach" wrote:
> First off be sure to use Restricted Groups at the Organizational Unit level
> and NOT at the domain level or you run the risk of adding users to the
> administrators group for the domain. Then when you configure it at the OU
> level the computer accounts that you want these users to be local
> administrators on must be in the OU [or child OU] where you have the Group
> Policy linked to. You will not be able to browse to a local administrators
> group. Simply type in administrators as the group name. From what you
> describe you want to use the "member of" option for restricted groups. That
> way you can add a global group to the administrators group without affecting
> the current membership of the local administrators group on the computers
> you want to enforce Restricted Groups assuming that you do not want to
> strictly enforce membership of the local administrators group. I am not sure
> what icon lock means offhand. When testing your Restricted Groups be sure
> to reboot or use gpupdate to refresh computer configuration on your XP
> computers as it can otherwise take up to two hours for changes in Group
> Policy to propagate to domain computers. Hope some of this helps. --- Steve
>
>
> "Sher" <Sher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:6B6CC986-FCD7-4527-B625-F8AD24247106@xxxxxxxxxxxxxxxx
> > Hi all,
> > 2003 server using gp for windows xp workstations
> > My goal is to use restricted groups under gp to add several users to the
> > local workstation administrator group.
> > I have read several articles on how to do it but it is confusing to me.
> > My questions:
> > Can I use my current custom gp and just add the restricted group there or
> > will it override the other restrictions in the gp for the users that I add
> > to the restricted group?
> > Can you give me the steps to set this up? (When I tried the other
> > articles' steps I couldn't browse to the local administrators group to add
> > it as the restriction point. In other words, I don't know how to tell the
> > restricted group to be related to the local admins group.)
> > Also, under restricted gp the icon has a lock picture on it. What does
> > this mean?
> > Sorry, the restricted groups process hasn't clicked for me yet. I know I
> > could use this for other things also but just can't seem to understand the
> > process.
> > Thanks in advance for any help,
> > Sher
> >
> >
>
>
>
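An added example, not part of the thread and not Microsoft's code: Restricted Groups settings are saved in the GPO's security template (GptTmpl.inf) under [Group Membership], with one `__Memberof` and one `__Members` line per group. The Python below audits such a template and reports whether each grant of local administrator rights is additive (the "member of" option discussed above) or an enforced member list; the SIDs, sample template and function names are constructed for illustration.

```python
# Added example: audit a GPO security template for Restricted Groups entries
# that grant local administrator rights. All SIDs below are constructed.
ADMIN_IDS = {"*s-1-5-32-544", "administrators"}  # well-known SID or typed name
DOM = "*S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

SAMPLE_INF = f"""[Unicode]
Unicode=yes
[Group Membership]
{DOM}-1105__Memberof = *S-1-5-32-544
{DOM}-1105__Members =
Administrators__Memberof =
Administrators__Members = {DOM}-512,{DOM}-1106
"""

def parse_group_membership(inf_text):
    """Return (group, kind, values) for each line of [Group Membership]."""
    entries, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        group, sep, kind = key.strip().rpartition("__")
        if sep:
            values = [v.strip() for v in value.split(",") if v.strip()]
            entries.append((group, kind.capitalize(), values))
    return entries

def local_admin_findings(inf_text):
    """List (mode, principals) for entries that grant local admin rights."""
    findings = []
    for group, kind, values in parse_group_membership(inf_text):
        if kind == "Memberof" and any(v.lower() in ADMIN_IDS for v in values):
            # "Member of": the group is added, existing members are kept.
            findings.append(("additive", [group]))
        elif kind == "Members" and group.lower() in ADMIN_IDS and values:
            # "Members": this list replaces the current membership.
            # Empty Members lines are not classified by this example.
            findings.append(("enforced", values))
    return findings

if __name__ == "__main__":
    for mode, principals in local_admin_findings(SAMPLE_INF):
        print(mode, principals)
```

Templates read from SYSVOL are typically UTF-16 encoded, so open them with `encoding="utf-16"` before passing the text in.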