Re: Restricted Groups problem
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Mon, 9 Apr 2007 21:15:57 -0400
Hmm.. I don't know why that is, but you may want to try creating a local
group in the sub.domain domain and using that instead.
As a guess, it may just have to do with the way group policy is structured
that it won't pull from other domains. Kind of like a bug, since it doesn't
follow the way you can do that manually ;)
Al
"GeorgeMc" <GeorgeMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A0DDEDD-E371-446D-B0E8-DCEB64F62824@xxxxxxxxxxxxxxxx
That makes more sense. As far as groups go, I'm trying to add a global
security group from "domain" to the local machine Administrators group of
member servers in "sub.domain" via group policy. However, the global
groups
from "domain" are not an available choice (via the Restricted Groups
interface). I can manually do this at each machine however, so it doesn't
make sense as to why, they can be added at the machine level but not from
group policy.
"Al Mulnick" wrote:
By putting an entry in the "memberof" section, you're saying that it's
going
to be made a member of the groups defined. The group defined is the
administrators group. It is kind of counterintuitive, but that's what
works.
Are you trying to add a global group to a global group? Or am I
mis-reading
that?
"GeorgeMc" <GeorgeMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D11F87A7-B228-467C-BEA5-C08A8E9A3AD7@xxxxxxxxxxxxxxxx
Yes, the group type is a global group from "domain". And, I'm not
clear
how
"member of" works, coul you elaborate a little more? I would think
member
of
means that the local machine administrators account would then be a
member
of
anothey type of account?
Thanks,
George
"Al Mulnick" wrote:
Sounds like a group type issue. I haven't tried it quite that way, but
all
you're really interested in is adding the group to the local
administrators.
Membership is not really critical to this situation.
What is the group type? Are you saying it's a global group from domain
?
As for not changing the local administrators group, you'll want to use
the
memberof feature only. Do not populate anything for the group.
Al
"GeorgeMc" <GeorgeMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:73A58687-AD81-4BD5-8B8A-A7D3CB9268BA@xxxxxxxxxxxxxxxx
Hi!
I'm having a problem assigning the users/groups I want to the local
machine
administrators groups through the Restricted Groups policy. Here's
my
scenario:
- "domain"
- "sub.domain"
- OU in sub.domain called web servers
I have a Global Security group in "domain" called WebServerAdmins
with
users
from "domain".
On member servers in the web servers OU of sub.domain, I can
manually
add
domain\webserveradmins to the local administrators group.
I add "Administrators" to the Restricted Groups of sub.domain.
However,
when I try to add members to this group, domain\webserveradmins is
not
available from the "domain" location. The individual members of
domain\webserveradmins are available however.
I also created a sub.domain\test local domain group and added the
global
domain\webserveradmins to it. However, in Restricted Groups, the
only
sub.domain groups available to choose are sub.domain global groups
such
as
sub.domain\Domain Admins.
The bottom line is that I want, via group policy, to add
domain\webserveradmins to the local machine administrators group of
all
memberr servers of sub.domain.
In addition, I don't want to change the existing local member server
Administrators group, just add to what's existing.
Thanks,
George
.
- References:
- Re: Restricted Groups problem
- From: Al Mulnick
- Re: Restricted Groups problem
- From: GeorgeMc
- Re: Restricted Groups problem
- From: Al Mulnick
- Re: Restricted Groups problem
- From: GeorgeMc
- Re: Restricted Groups problem
- Prev by Date: Re: Active Directory Site Design and Replication
- Next by Date: Re: Default Ownership Problem
- Previous by thread: Re: Restricted Groups problem
- Next by thread: I need to create a domin user
- Index(es):
Relevant Pages
|
