Restricted Groups - Local Users Group
- From: "jmalloney" <jmalloney@xxxxxxxxxx>
- Date: Thu, 13 Oct 2005 10:27:51 -0400
I have used restricted groups in GP to control membership of both the local
users and administrators groups. I added the "domain users" group to
"Users" and "Domain Admins" group to "Administrators". The main reason I
did this was that I wanted all domain users to be restricted from making
system-wide changes to their local pc. The policy worked as I could see
that their local groups reflected my settings at the domain. The problem is
that although domain users are in the "users" group they are still able to
make system-wide changes. I tested this, as a user I can make myself a
local admin, delete system files...etc...
In the past I never used group policy for this. I would simply open control
panel, users, and add the user to the "restricted users" group. This always
worked well, and prevented them from making any critical changes to the
system. My understanding was that the "users" in computer management was
the same as the "restricted users" group shown in control panel\users. What
am I doing wrong?? I want all my domain users to be restricted through group
policy!!
HELP!
.
- Follow-Ups:
- Re: Restricted Groups - Local Users Group
- From: Steven L Umbach
- Re: Restricted Groups - Local Users Group
- Prev by Date: Re: Local Policy restriction
- Next by Date: Re: Local GP for just 1 user
- Previous by thread: Group policy settings and pdf via IE
- Next by thread: Re: Restricted Groups - Local Users Group
- Index(es):
Relevant Pages
|
Loading
