[gptalk] Restricted Groups and Local Accounts

  • From: "WATSON, BEN" <bwatson@xxxxxxxxxx>
  • To: undisclosed-recipients:;
  • Date: Fri, 5 Sep 2008 13:19:59 -0700

Say I want to create a restricted groups policy that when applied to
specific machines will always ensure that a local user account with a
certain name will be added to the local administrators group.


Is there a way to do this?  When I create the policy and point the
restricted groups policy to my own machine to grab the name of the local
account, it works on my machine, but the policy will not add that local
account to any other machines.  Just to clarify, if the user account is
created with the same name as specified in the policy, the restricted
groups policy apparently does not recognize that local account and does
not add it to the local administrators group.


Is the policy actually using the local SID of the account and thus even
though all the local accounts are named the same, the policy doesn't
believe them to be the same and thus doesn't process it?  That's the
only thing I can think of for why this wouldn't work.






Best way to annoy your co-workers?  E-mail.

