Re: Site Policies and Domain Controllers

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Florian Frommherz [MVP]" <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Sep 2007 07:27:31 +0200

Howdie!

JayDee schrieb:

We would like to create a site policy that adds a domain global group
to the local administrators group of all servers on a specific subnet,
since we will have a local group supporting them... however, there is
a domain controller on one of the subnets. Is there any way to set up
our "restricted groups" policy on all servers without giving those
admins administrator access to the entire domain??

You could try to create the Group Policy linked to the site and then deny the specific domain controller the "Read" and "Apply Group Policy" permission on the GP:

http://www.frickelsoft.net/blog/?p=28

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
.

References:
- Site Policies and Domain Controllers
  - From: JayDee

Prev by Date: Re: Types of ICMP Used by DC?
Next by Date: Re: Group Policy Reporting
Previous by thread: Site Policies and Domain Controllers
Next by thread: Re: Group Policy Reporting
Index(es):
- Date
- Thread

Relevant Pages

Site Policies and Domain Controllers
... We would like to create a site policy that adds a domain global group ... to the local administrators group of all servers on a specific subnet, ...
(microsoft.public.windows.server.active_directory)
Re: server local admin group
... You can add the domain group to the local administrators group manually ... using lusrmgr.msc on each server or via Group Policy Restricted Groups ... "member of" if you have a large number of servers to do such to. ...
(microsoft.public.security)
Re: Terminal Server GPO Issue
... servers that is not in the OU where the GPO is supposed to be applied and I ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Sharepoint Auth GPO ... Event Log Settings ...
(microsoft.public.windows.server.active_directory)
Re: PPTP Site-to-Site VPN problem
... My understanding has always been that if you route between 2 or more different subnets then there has to be a gateway defined. ... If routing on a single subnet then no gateway needs to be defined. ... the RRAS service on the servers. ...
(microsoft.public.windows.server.networking)
Re: browsing nightmare .. please help
... all my clients including my servers all point to one ... move 8 servers from subnet A to subnet B. ... In my conclusion I think on subnetB the browser master is having problems ... domain master browser which resides in subnetA. ...
(microsoft.public.windows.server.dns)