Re: restricted groups
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 02/11/05
- Next message: Herb Martin: "Re: DCPROMO - Help - Strange Macintosh Problem"
- Previous message: Doug Frisk: "Re: Default-First-Site-Name"
- In reply to: Al: "Re: restricted groups"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 20:24:34 -0500
Al,
The Adminpak is a very important utility. I have not read ( er, better
said, remember reading ) anything in any manual from Microsoft about this.
But that is one of the major differences between actually doing something
and learning about something. The way that you do things in school are
usually very structured and cover only the major points ( well, that depends
on the focus of the school and the instructors of said school ). All of the
little extras ( check out the ALTools.exe.....really awesome stuff ) usually
remain unknown until you have a specific need, post a question and someone
with some 'extra' knowledge and/or experience mentions this in his/her
reply.
I was toying with the idea of having a school for non-IT people who are
responsible for the computer networks as well as a school for beginning IT
people. I would focus on the way things are really done...not how some book
tells you to do it. Have not yet done that...but probably will soon. Now,
do not misunderstand me...knowing the book stuff is really important. It
should be the foundation. Without this foundation you are lost. But, with
just the foundation you are a bit limited in what you can do. Experience -
or a really great mentor - helps fill in the blanks!
-- Cary W. Shultz Roanoke, VA 24014 Microsoft Active Directory MVP http://www.activedirectory-win2000.com http://www.grouppolicy-win2000.com "Al" <Al@discussions.microsoft.com> wrote in message news:A243C787-16E5-4FE9-97F0-5847F0A8F567@microsoft.com... > Hi Everyone > > First thanks for help. Both Herb and Gary mention the need of this > Adminpak > and working from a workstation to get this to work. I must admit that I > haven't yet read a article that has mentioned this or actually seen it in > several of the Microsoft training books I have looked through. I will have > to > mention this to one of our instructors who brought it to my attention when > he > was working through a training manual in preperation for a lab and I know > there is no mention in this manual about this. I used the interactive > group > based on the advise of another network administrator but based on what > Ptwilliams has said I can see the problem there. > > "Cary Shultz [A.D. MVP]" wrote: > >> Al, >> >> Because you need to create the GPO from a workstation on which you have >> installed the ADMINPAK. You will not be able to do this when sitting on >> a >> Domain Controller! It is well documented! >> >> -- >> Cary W. Shultz >> Roanoke, VA 24014 >> Microsoft Active Directory MVP >> >> http://www.activedirectory-win2000.com >> http://www.grouppolicy-win2000.com >> >> >> >> "Al" <Al@discussions.microsoft.com> wrote in message >> news:40FE30C7-1CB0-4623-906B-19247A4D82F0@microsoft.com... >> >I have an application that all domain users must be able to run on a >> >local >> > machine. It requires them to be a member of the power users group. >> > What I'm trying to do is under the default domain policy is use the >> > restricted group setting to make the domain users group a member of the >> > local >> > power users group. When I do this and the log on as a domain user and >> > then >> > try to run this application it fails. However if I manually add the >> > domain >> > users group to the power users account through the local users and >> > groups >> > management console the domain user is able to run the application. >> > Why is the restricted group policy not working for me. >> >> >>
- Next message: Herb Martin: "Re: DCPROMO - Help - Strange Macintosh Problem"
- Previous message: Doug Frisk: "Re: Default-First-Site-Name"
- In reply to: Al: "Re: restricted groups"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
