Re: restricted groups frustration!
- From: "Phillip Drummond" <w@xxxxx>
- Date: Tue, 2 Oct 2007 11:04:24 -0400
yes i am working on the DC... but why should this matter? and im applying this to the default domain policy. i cant do it at the OU level because there are hundreds of OU's with servers in them.
thanks
"Anthony" <anthony.spam@xxxxxxxxxxxxxx> wrote in message news:uPid7RQBIHA.4656@xxxxxxxxxxxxxxxxxxxxxxx
Are you perhaps working directly on the DC, instead of using the GP console from a workstation?
Also, as Tim said, the policy should apply to a distinct OU where the servers are.
Anthony, http://www.airdesk.co.uk
"Phillip Drummond" <w@xxxxx> wrote in message news:%23VB6cEQBIHA.1208@xxxxxxxxxxxxxxxxxxxxxxxnope. this isnt working. the ONLY place the group is being added to is the builtin\administrators group in AD (active directory users and computers) NONE of the domain machines are getting this group added.
does anyone have ANY idea what i can check?
"Tim Chin" <donotemail> wrote in message news:%23On0k5PBIHA.1212@xxxxxxxxxxxxxxxxxxxxxxxIt sounds like you're doing everything correct. I would just make sure that when you are in restricted groups, be sure to use the object picker to find the group you want added to the administrators group. Typing 'Administrators' in the second part should work fine. If you perform a gpupdate (no /force or reboot is required), you'll see the changes immediately (if the dc that provided logon has the latest version of the gpo you're working with).
Note: If you're putting this in the default domain policy, it will also apply to domain controllers. If this is not the desired RSOP, you'll most likely want to create a new gpo with these settings in it and security filter it to 'Domain Computers', which avoids domain controllers.
Tim
"Phillip Drummond" <w@xxxxx> wrote in message news:uY9DDJPBIHA.1212@xxxxxxxxxxxxxxxxxxxxxxxwhy doesnt this simply work??
i am trying to add an AD group to the local administrators group on all domain servers. i am using the default domain policy, computer configuration, windows settings, security settings, restricted groups.
i create a new group in here using the group that i want added to local admins and then configure the second box "this group is a member of" option. in here i am typing "Administrators".
24 hours has gone by. shouldnt i be able to log on to ANY domain machine and see this group in the local admins group? because i dont. can someone please tell me what the problem is?
.
- Follow-Ups:
- Re: restricted groups frustration!
- From: Darren Mar-Elia
- Re: restricted groups frustration!
- References:
- restricted groups frustration!
- From: Phillip Drummond
- Re: restricted groups frustration!
- From: Tim Chin
- Re: restricted groups frustration!
- From: Phillip Drummond
- Re: restricted groups frustration!
- From: Anthony
- restricted groups frustration!
- Prev by Date: Re: restricted groups frustration!
- Next by Date: Re: restricted groups frustration!
- Previous by thread: Re: restricted groups frustration!
- Next by thread: Re: restricted groups frustration!
- Index(es):
Relevant Pages
|
