Re: Group Manipulation
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Nov 2005 13:21:34 -0600
See the instructions in the link below and use "this group is a member of"
option for your new global group that contains the users that you want to be
local administrators. The computers that you want this to be enforced on
must be in the OU path [parent or child OU]where the Group Policy enforcing
Restricted Groups is configured. --- Steve
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
"Millette" <Millette@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:90838202-7487-4BF1-806F-885135957387@xxxxxxxxxxxxxxxx
> Ok, I created a unique group name and placed in an OU. To reduce
> maintenance
> I added a common domain group in the "This group is a member of" section.
> Will that provide the same result? Also, now that this group is created,
> how
> do I assign it to the local admin group of the PC's or is that automatic?
> --
> Chris Millette
> Network Administrator
> Community Bank & Trust
>
>
> "Steven L Umbach" wrote:
>
>> Sure you could use Restricted Groups. You could add the users to a global
>> group and then use Restricted Groups to add that global group to the
>> local
>> administrators group on those computers within the scope of management of
>> the Group Policy with Restricted Groups as long as you don't mind all
>> those
>> users being local administrators on all those computers keeping in mind
>> that
>> a local administrator can access any unencrypted data on the computer if
>> he
>> knows how to and wants to though you can use Group Policy to greatly
>> reduce
>> the number of users that may be able to do such as the skill level needed
>> increases as restrictions increase. --- Steve
>>
>>
>> "Millette" <Millette@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:B440784D-4ADA-49E2-B5C2-8875C372BADB@xxxxxxxxxxxxxxxx
>> >I have a question about this as well. I have several users that move
>> >from
>> >PC
>> > to PC often but need to be added as local admins on each PC in order
>> > for a
>> > software package to work. Will this work for that as well?
>> > --
>> > Chris Millette
>> > Network Administrator
>> > Community Bank & Trust
>> >
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> You could either use a Group Policy "startup" script with the net
>> >> localgroup
>> >> administrators command or use Restricted Groups. If you use Restricted
>> >> Groups for the purpose you want to do be sure to configure it at the
>> >> OU
>> >> level and NOT the domain level. The link below explains more. Note
>> >> there
>> >> are two distinct options - members of this group and members of this
>> >> group .
>> >> The members of this group will remove anyone from the group that is
>> >> not
>> >> listed while the members of this group will make sure that the group
>> >> is
>> >> in
>> >> the group designated and requires that SP4 be installed on W2K
>> >> computers
>> >> to
>> >> work correctly. --- Steve
>> >>
>> >> http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
>> >>
>> >> "test" <test@xxxxxxxx> wrote in message
>> >> news:u5sdmEJ4FHA.1596@xxxxxxxxxxxxxxxxxxxxxxx
>> >> > Is it possible to use group policy to assign a domain group to be a
>> >> > local
>> >> > administrator on all clients that recieved the group policy?
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
.
- Follow-Ups:
- Re: Group Manipulation
- From: Millette
- Re: Group Manipulation
- References:
- Group Manipulation
- From: test
- Re: Group Manipulation
- From: Steven L Umbach
- Re: Group Manipulation
- From: Steven L Umbach
- Group Manipulation
- Prev by Date: Re: local policy problem
- Next by Date: Re: Change specific registry settings with Group Policy
- Previous by thread: Re: Group Manipulation
- Next by thread: Re: Group Manipulation
- Index(es):
Relevant Pages
|
Loading
