RE: Restricted Group Problem My Scenario and problem..what am i doing

---

• From: briandel@xxxxxxxxxxxxxxxxxxxx (Brian Delaney [MSFT])
• Date: Mon, 28 Aug 2006 23:55:16 GMT

---

Hi,

Restircted Groups applies to the computer and not to a specific user. So,
if you wish to security filter the policy you must filter it based on
computer accounts. The computers you wish to apply this policy must have
Read and Apply Group Policy Permissions. Normally, the computer accounts
get these permissions via the Authenticated Users group.


Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

Thread-Topic: Restricted Group Problem My Scenario and problem..what am i

doing

thread-index: AcbK6qfmRlm0wHv0Qs+rpOCMFt0GDg==
X-WBNR-Posting-Host: 130.207.57.30
From: =?Utf-8?B?Qm9va2VyVw==?= <loneque@xxxxxxxxxxx>
Subject: Restricted Group Problem My Scenario and problem..what am i doing
Date: Mon, 28 Aug 2006 14:41:01 -0700

On my XP box with GPMC installed, I setup a GPO as follows

1. Open up a GPO
2. Within Computer Configuration, Restricted Groups, I click to Add Group
3. Click Browse, Chose Local Computer Name, choose Administrators Group\
4. When the Administraotrs Group Properties box pops up, on the members of
this group, I add Domain admins, another domain group, and then i choose

the

local computer name and add the renamed account that we use on all of our
local boxes that is the built in administrator account

5. I do not edit or change anything in the "This group is a member of"

section

6. I think click Apply and OK

7. Next, I go into the properties of the GPO itelf, the scope, details,
settings amd delegation tabs

8. On the scope, I remove authenticated users and add a domain testuser,
and the domain admins group

9. Inside of Delegation, testuser has read/apply GP permission and domain
admins has R/W and Apply group Policy, etc...


When i go to the computer that this GPO is linked to (Linked to the OU

that

the computer is in), no matter who I log on as.. testuser or a domain

adins,

in the Policy Summary, for my restricted Group GPO, it shows in the Denied
GPO's.. reason denied: Inaccessible!!


What gives!!??

Thanks

.

---

• Follow-Ups:
  • RE: Restricted Group Problem My Scenario and problem..what am i do
    • From: BookerW

• Prev by Date: RE: Migration NT4 to W3K AD
• Next by Date: LDAP query help request.
• Previous by thread: Re: Copying Group Policy Settings
• Next by thread: RE: Restricted Group Problem My Scenario and problem..what am i do
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: GPO settings are not applied ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: Automatic_Updates ... GPO: Default Domain Policy ... Secure Proxy Server: N/A ... (microsoft.public.windows.server.active_directory) Re: Group Policy Not Applying to an OU ... I was using the Group Policy Management Console and in there I was ... console and accept the default Security Filter of "Authorized Users" ... The GPO did not apply. ... (microsoft.public.windows.group_policy) Re: loopback processing mode ... Deny Apply Policy for Domain Admins for the particular GPO Object. ... (microsoft.public.windows.group_policy) Re: Set GPO for specific user group ... OK, now the new GPO is listed, but the ie homepage is still set to ... Microsoft Windows XP Operating System Group Policy Result too ... Small Business Server Domain Password Policy ... Filtering: Denied ... (microsoft.public.windows.server.sbs) Re: Set GPO for specific user group ... Microsoft Windows XP Operating System Group Policy Result too ... Small Business Server Domain Password Policy ... Filtering: Denied ... Filtering: Disabled (GPO) ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2006-08