[gptalk] Restricted Groups - unexpected behaviour (multi-lingual environment)
- From: "HENDRIKUS Terwint [SEDIRSI]" <terwint.hendrikus.prestataire@xxxxxxxxxxxxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Fri, 30 May 2008 11:42:53 +0200
All,
Anyone seen this before ?
We are in a multi-lingual environment:
· DC's/AD in French
· Some member servers in English
è In Restricted Groups we added "Administrateur" (in French) as one of the
members of the local administrators group
o "Administrateur" shows as "Administrateur" in the GptTmpl.inf file (not
it's SID but the name written in French)
è If this GPO is applied to the English version (member) servers, the local
administrators group contains these members:
o "Local server\Administrator"
o "Domain\Administrateur"
o Etc. (all other groups specified in the Restricted Groups policy)
How does this work? The CSE responsible for that, does it do this :
* query "Administrateur" - error
* cannot find it locally, finds it in the domain and adds
"Domain\Administrateur"
If that is true, this would explain how "Domain\Administrateur" got into the
local administrators group, but how did the "Local\Adminstrator" account get
added? (as the GPO has been configured with /and the .inf file contains
"administrateur", not "administrator")
Even though it's of course perfectly alright to have the "Local\Administrator"
account in the Local Administrators group, I still would have liked to
understand why this happened, and also whether there is a way to keep the
"Domain\Administrateur" account out of it.
Thanks in advance for your help,
Hendrikus
Other related posts:
