Group policy tatooing with restricted group ? or strange behaviour !
- From: Eric <Eric_m@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 08 Jul 2009 12:12:34 +0200
Hello,
we have Windows 2000/Xp clients in our Active Directory.
Configuration 1 --> We had a GPO applied on computers that defined a restricted group for BUILTIN\Administrators. (So, if a user wanted to add himself to his local administrators group,his user account was automatically removed from this group).
Configuration 2 --> During three months, we have changed this GPO and the restricted group was defined witht the "member of" parameter so a user was able to add himself to the local admin group.
Configuration 3 (= configuration 1) --> Then, as some of the users knew the local admin password and have added without autorization to the local admin group, we have configured the restricted group as before (and so users are removed from the local admin group).
now the problem ...
If a user power on his computer with the network disabled or if the GPO is not applied for any reason), the local admin group is identical to what is was during the "configuration 2" and so some users are local admin ...
Is it normal ?
Thank you
--
Eric
.
- Follow-Ups:
- Re: Group policy tatooing with restricted group ? or strange behaviour !
- From: Paul Bergson [MVP-DS]
- Re: Group policy tatooing with restricted group ? or strange behaviour !
- From: Meinolf Weber [MVP-DS]
- Re: Group policy tatooing with restricted group ? or strange behaviour !
- Prev by Date: Re: Sezing FSMO roles...
- Next by Date: DNS zone disappered
- Previous by thread: DNS zone disappearing
- Next by thread: Re: Group policy tatooing with restricted group ? or strange behaviour !
- Index(es):
Relevant Pages
|
Loading
