Re: Default Security Groups
- From: "Mike" <reply@xxxxxxxx>
- Date: Thu, 22 Feb 2007 23:06:53 +1100
err GPMC even
"Mike" <reply@xxxxxxxx> wrote in message
news:ObcQ%23enVHHA.4028@xxxxxxxxxxxxxxxxxxxxxxx
Hi Tom,
Thanks for your reply. I'm sorry to say you've missed my point...
I followed your steps precisely (except I used Group Policy Object editor)
and I still have the same problem.
Follow my thoughts:-
Physically at the console of client machine 'fish' I add to the local
administrators security group 'DOMAIN\testuser'
I then follow your steps to apply restricted groups, in particular I add
the group 'DOMAIN\SME Admins' to the Administrators group.
I replicate the AD connections, run gpupdate on 'fish' and check the local
administrators security group.
'DOMAIN\testuser' no longer exists. Instead it has been replaced with
'DOMAIN\SME Admins'
See my point now?
As stated in my initial post, we would like to add a second security group
to the computers administrator group i.e not altering any groups/users
that are already there.
Regards,
Mike.
"tom" <v-tozhan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:2tJlp2lVHHA.1540@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Mike,
Thank you for your post!
Domain Admins is a global group designed to help you administer all the
computers within a domain. When a computer is joined to the domain, the
Domain Admins group will be added to local administrators group by
default.
For example, you can try the following steps on a domain controller.
1. Start Active Directory Users and Computers from any domain controller.
2. Create an organizational unit, and then move all of the appropriate
workstations and member servers to that organizational unit.
3. Right-click the organizational unit, and then click Properties.
4. Click the Group Policy tab, click NEW, and then name the policy.
5. Click the policy, and then click Edit.
6. Right-click Restricted Groups (under Computer Configuration\Windows
Settings\Security Settings\Restricted Groups), and then click Add Group.
7. Input Administrators, and then click OK. You are returned to the group
policy and you see the Administrators group listed in the Restricted
Groups
window.
8. Double-click the Administrators group.
9. To the right side of the Members of this Group box, click ADD, and
then
click Browse.
10. Add the group. After you do so, close the group policy.
For more information, please refer to the following KB article and
TechNet
article:
810076 Updates to Restricted Groups ("Member of") behavior of
user-defined
local groups
http://support.microsoft.com/kb/810076/en-us
Restricted Groups Policy Settings
http://technet2.microsoft.com/WindowsServer/en/library/156780ef-eb36-4433-b3
fe-1b1a15c18f6a1033.mspx?mfr=true
Please try my steps and update me with the results. If something is
unclear, please feel free to let me know.
Sincerely,
Tom Zhang, MCSE 2003
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
.
- References:
- Re: Default Security Groups
- From: tom
- Re: Default Security Groups
- From: Mike
- Re: Default Security Groups
- Prev by Date: Re: Default Security Groups
- Next by Date: Re: Migration Active Directory from Windows 2000 to Windows 2003 Server
- Previous by thread: Re: Default Security Groups
- Next by thread: Re: Default Security Groups
- Index(es):
Relevant Pages
|
