Re: Restricted Groups issue

Thanks Steve. I'll take a different approach as you have suggested. Thanks
again for your time and explanation.

Dave Leonardi

"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
news:ebkzP10zFHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
> Keep in mind that Restricted Groups will enforce membership of the
> restricted group unless you use the "member of" [Windows 2000 must be
> using SP4 for member of to work right] option to add the restricted group
> to the administrators group. If that is the case, or do not use Restricted
> Groups on those computers, then I would just manually add those users to
> the local administrators group on their workstations as it sounds like you
> have a small group to do which could be done remotely via Computer
> Management - connect to another computer. The link below does a good job
> explaining the ways you can use Restricted Groups. --- Steve
>
> http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
>
> "Dave Leonardi" <Cyberaccount72@xxxxxxxxx> wrote in message
> news:%23NbjDQszFHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
>> I had a question regarding Restricted Groups and how I can grant a
>> few individuals local administrative rights to their workstations.
>> Unfortunately the users are scattered throughout different OU's, so I
>> can't apply the Restricted Groups GPO to the top of each OU because they
>> would be added to the local administrators group for all PC's within that
>> OU, not just theirs. I already have it set up so that Domain Admins and
>> the OIT Group are pushed through Restricted Groups to the Local
>> Administators Group on all PCs. I was also thinking about a script with
>> Net Local Group Administrators <User> /ADD, but how would I incorporated
>> it so that it only worked on certain individual objects (Startup
>> Scripts?). I was wondering if someone could help with isolating certain
>> (Computers or Users) to the local Administrators Group without adding
>> everyone else. Thank You for your time and effort, it is greatly
>> appreciated.
>>
>> Windows XP and 2000 Clients (Approx 250)
>>
>> Windows 2003 DC's (2)
>>
>> Regards,
>>
>> Dave Leonardi
>>
>
>


.

Relevant Pages

  • Re: Basic User Setup
    ... You could user the computer configuration "restricted groups" to create a global ... restricted groups to enforce the membership of the domain computers in that OU ... want to wipe out current membership of the local administrators group in that OU ...
    (microsoft.public.win2000.group_policy)
  • Re: restricted groups for local admin rights
    ... > user to the local administrators group on that computer. ... >> First off be sure to use Restricted Groups at the Organizational Unit ... >>> I have read several articles on how to do it but it is confusing to me. ...
    (microsoft.public.windows.group_policy)
  • Re: Re: Change group membership
    ... It puts these users in a global group which is added to the local Administrators group on the workstations. ... >and you see the administrators group listed in the Restricted Groups window. ... >> Jerold Schulman ...
    (microsoft.public.win2000.active_directory)
  • Re: administrative privileage Q.
    ... You could use Group Policy Restricted Groups at the Organizational Unit ... place the computers in the OU where you want him to be a local admin. ... configure Restricted Groups and use "member of" for administrators group. ...
    (microsoft.public.windows.server.security)
  • Re: restricted groups for local admin rights
    ... I'm referring to local administrators and not domain administrators?) ... > describe you want to use the "member of" option for restricted groups. ... > way you can add a global group to the administrators group without affecting ...
    (microsoft.public.windows.group_policy)