[gptalk] Re: Restricted Groups - appending to local administrators
- From: "Omar Droubi" <omar@xxxxxxxxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Fri, 7 Sep 2007 11:59:46 -0700
Just type in the name of the local group and don't worry about specifying your
workstation name.
Remember that the GPO will be linked to an OU that contains the PCs you want to
apply the policy to and it will just look for the local group that has the name
you specify. See the figure for adding the domain "HelpDesk" group to the local
computers Remote Desktop Users group.
Omar
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Johnson, Matthew
Sent: Friday, September 07, 2007 11:14 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restricted Groups - appending to local administrators
Here is what happens when I try following the instructions from Thorbjörn
Sjövold (see below).
1) I create the GPO
2) I go to the Restricted Groups, Right click and Choose Add Group
3) I browse and select the domain group which I want to add to the local
administrators group and click OK
4) I click Add under the section which says "This group is a member of"
5) I click Browse and then click the Locations button to choose my local
computer rather than the domain
Here's where the problem occurs
6) Once I do that, the field for Object Type goes blank (instead of
saying Groups)
So essentially it's not looking for any object type. I try typing in
LocalComputerName\administrators but it can't find it.
Thanks for any assistance.
Matthew Johnson
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of ca11235
Sent: Wednesday, September 05, 2007 5:46 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Restricted Groups - appending to local administrators
Guys,
Sorry for the slow thanks - my mail forwarding has gone a bit awol. Thanks for
the replies.
Col
On 30/08/07, Thorbjörn Sjövold <thorbjorn.sjovold@xxxxxxxxxxxxxxx> wrote:
Col, see below for an answer that I gave previously, this seem to be very
common question J
Best,
Thorbjörn
/******************************/
Actually it is both possible to both mirror and add, the latter is done using
the "This group is a member of:" part of the Restricted Groups settings, but
you have to select the groups in "reverse" order, i.e. first the group you want
to add and then where you want it, while in the normal case you select the
group to manage and then who should be in it.
So if you for example want to have Domains Admins added to the local
Administrators group, you select Add Group... in the Restricted Groups node,
then select Domain Admins from your domain and in the "This group is a member
of:" you select the Administrators group. Remember to select the local computer
in the Object Picker when you browse for the local group.
HTH,
Thorbjörn Sjövold
Special Operations Software
www.specopssoft.com <http://www.specopssoft.com/>
thorbjorn.sjovold a t specopssoft.com <http://specopssoft.com/>
Download our free tool for remote Gpupdate with graphical reporting,
http://www.specopssoft.com/products/specopsgpupdate/
<http://www.specopssoft.com/products/specopsgpupdate/>
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Auld Colin
Sent: den 30 augusti 2007 15:29
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Restricted Groups - appending to local administrators
Is there a way to *add* a member to the local administrators group on a member
server using Restricted Groups? I know that, normally, a Restricted Group
policy will remove any existing members and replace them with those set in the
policy. But what I'd like to do is use Restricted Groups to extend the list
i.e. leave the existing members as they are...
Col
|* This e-mail, and any attachments, is confidential and for the use of the
addressee only.
|* If you are not the intended recipient, please telephone +44 (0) 1506 408700
|* We do not accept legal responsibility for this e-mail or any viruses.
|* All e-mails sent and received by us are monitored.
|* Contracts cannot be concluded with us by e-mail.
|* This message has been sent from a member of the British Energy Group (the
"Group").
|* The parent company of the Group is British Energy Group plc, a company
registered in Scotland, registered number 270184, and having its registered
office at
|* Systems House, Alba Campus, Livingston EH54 7EG
Other related posts:
