Re: restricted groups
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 02/10/05
- Next message: ptwilliams: "Re: Disjoin and rejoin domain loses user profile?"
- Previous message: Jeff Qiu [MSFT]: "Re: AD 2003 - Time Services"
- In reply to: Al: "Re: restricted groups"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: restricted groups"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 08:25:34 -0000
I believe you can do this from the DC even though there isn't a Power Users
group on the DC, but you have to simply type it in - you can't select it.
If you were to do this from a machine using the adminpak then the Power
Users group exists on that machine and would therefore show up in the
applicable box/ window.
In case you're not sure, the adminpak can be found in the
%systemroot%\system32 of any server. It is called adminpak.msi. If you are
running Win2000, you should get this from a Win2000 server; if you are
running XP you should either get this from a 2003 server or download it from
http://download.microsoft.com. If you're using another platform you're out
of luck ;-)
-- Paul Williams http://www.msresource.net/ http://forums.msresource.net/ "Al" <Al@discussions.microsoft.com> wrote in message news:A243C787-16E5-4FE9-97F0-5847F0A8F567@microsoft.com... Hi Everyone First thanks for help. Both Herb and Gary mention the need of this Adminpak and working from a workstation to get this to work. I must admit that I haven't yet read a article that has mentioned this or actually seen it in several of the Microsoft training books I have looked through. I will have to mention this to one of our instructors who brought it to my attention when he was working through a training manual in preperation for a lab and I know there is no mention in this manual about this. I used the interactive group based on the advise of another network administrator but based on what Ptwilliams has said I can see the problem there. "Cary Shultz [A.D. MVP]" wrote: > Al, > > Because you need to create the GPO from a workstation on which you have > installed the ADMINPAK. You will not be able to do this when sitting on a > Domain Controller! It is well documented! > > -- > Cary W. Shultz > Roanoke, VA 24014 > Microsoft Active Directory MVP > > http://www.activedirectory-win2000.com > http://www.grouppolicy-win2000.com > > > > "Al" <Al@discussions.microsoft.com> wrote in message > news:40FE30C7-1CB0-4623-906B-19247A4D82F0@microsoft.com... > >I have an application that all domain users must be able to run on a > >local > > machine. It requires them to be a member of the power users group. > > What I'm trying to do is under the default domain policy is use the > > restricted group setting to make the domain users group a member of the > > local > > power users group. When I do this and the log on as a domain user and > > then > > try to run this application it fails. However if I manually add the > > domain > > users group to the power users account through the local users and > > groups > > management console the domain user is able to run the application. > > Why is the restricted group policy not working for me. > > >
- Next message: ptwilliams: "Re: Disjoin and rejoin domain loses user profile?"
- Previous message: Jeff Qiu [MSFT]: "Re: AD 2003 - Time Services"
- In reply to: Al: "Re: restricted groups"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: restricted groups"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
