Re: Restricted Groups
- From: Laura <Laura@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Sep 2006 10:14:01 -0700
Thanks for everyone's help. I was able to finally to make my domain group a
member of the Local Power Users group. I did need to install WinXP SP2
because when I ran Active Directory Users and Computers from an XP
workstation that I have Adminpak installed on it still wasn't letting me see
the local groups. Once I installed SP2 it worked like a charm and now I am
able to enjoy my weeked.
Thanks everyone soooo much.....
--
"just learning"
"Jorge Silva" wrote:
Hi.
Inline
- I created an OU named LabComputers, and added all my lab computerOk
objects
to it.
- I created a global security group in the OU named LabUsers and added allOk
the lab users I want to grant local admin group access to that group.
- I then created a new GPO on the OU that I created in the step above,You mean In OU Lab Users? If so you must apply this poliy to LabComputers OU
and not LabUsers OU, because restricted Groups policy is a computer policy.
Restricted Groups Policy affects the computer account, not the user
accounts.
I
navigated down to Restricted Groups and clicked on add group, THIS IS
WHERE I
GETTED CONFUSED, am I supposed to add the group of users I want to give
local
admin group access to, OR is this where I click on the local admin group?
First you should know that there're 2 different ways of configuring
restricted groups policy, and each one can change local existent groups on
those machines:
1 - Members of this group
2 - This group is Member Of
Ilustrated version
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
Links:
Restricted Groups policy
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scerestrictgroups.mspx?mfr=true
Description of Group Policy Restricted Groups
http://support.microsoft.com/Default.aspx?kbid=279301
Updates to Restricted Groups ("Member of") behavior of user-defined local
groups
http://support.microsoft.com/?kbid=810076
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Laura" <Laura@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:47CCC378-FF7B-414A-9E0B-DD2F1529BC0F@xxxxxxxxxxxxxxxx
I have read through most of the postings regarding Restricted Groups and I
am
still having problems trying to create a Restricted Groups and making the
domain users a member of the local computer admin group.
Running Windows 2003 Server SP1
Running Windows XP Pro SP1
This is what I did:
- I created an OU named LabComputers, and added all my lab computer
objects
to it.
- I created a global security group in the OU named LabUsers and added all
the lab users I want to grant local admin group access to that group.
- I then created a new GPO on the OU that I created in the step above, I
navigated down to Restricted Groups and clicked on add group, THIS IS
WHERE I
GETTED CONFUSED, am I supposed to add the group of users I want to give
local
admin group access to, OR is this where I click on the local admin group?
THE OTHER PROBLEM is I don't see the local admin, or local power users
group
at all.
-I know i should run gpedit from a workstation XP Pro Client that is a
memeber of the Domain right? Which I did.....
-I am only running Windows XP Pro SP1, I read in one of the posts that
there
is a hot fix regarding Windows XP Pro and the Restricted Groups and the
way
the local admin "behaves" Will that help me see the local Groups when I
run
gpedit form a workstation?
--
"just learning"
- Prev by Date: Re: Roaming Profiles
- Next by Date: Re: Active Directory Migration Tool
- Previous by thread: Re: Roaming Profiles
- Next by thread: Re: Restricted Groups
- Index(es):
Relevant Pages
|
