[gptalk] Re: restricted groups - MERGE
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 5 Dec 2006 11:38:09 -0800
Yep, still a computer policy and so, still targeted at computers.
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Graham Turner
Sent: Tuesday, December 05, 2006 11:06 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: restricted groups - MERGE
ah didn't know of the other mode - 'members of' as u term it
i assume the policy still links to the OU holding computers whose 'local
administrators' group we want to add to
just that it sounds like u r configuring the group and not the computers
G
> Graham-
> Restricted Groups has two modes--one mode is an exclusive membership thing
> and you can't merge group members, either between GPOs or with existing
> members. However, the other mode is not exclusive, and lets you add a
given
> group to another groups, such as local administrators. This is the
so-called
> "Members of" part of the policy. That should solve your issue here. Let us
> know if that doesn't work.
>
> Darren
>
>
> -----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of Graham Turner
> Sent: Tuesday, December 05, 2006 10:23 AM
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] restricted groups - MERGE
>
> i am sure this one has already been asked 'seven million times' but ..
>
> want to leverage the restrictied groups, such that policy dicates that
> certain
> global groups are added to 'local administrators' group of machines to
which
> policy
> is linked.
>
> common issue is that to define this policy causes issues with servers some
> of which
> have non-standard security and removes anything not defined by the policy.
>
> just wanted to check no recent extensions to the client side processing of
> GPO's
> such that we can now set this policy in some sort of 'merge' mode whereby
> listed
> groups are merged with existing entries.
>
> it is just that i read somewhere on an acquistion by MS of a 'Desktop
> standard' in
> which said capability is functional.
>
> GT
>
>
>
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at //www.freelists.org/archives/gptalk/
> ************************
>
> ***********************
> You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx
> with 'unsubscribe' in the Subject field OR by logging into the
freelists.org Web
> interface. Archives for the list are available at
> //www.freelists.org/archives/gptalk/
> ************************
>
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
