[gptalk] restricted groups policy

  • From: "Graham Turner" <gturner@xxxxxxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 8 Jan 2007 14:22:22 -0000 (GMT)

Dear all, I posted a while ago re the restricted groups policy, and its use in 
context of managing the membership of 'local administtators' of domain members.

It was indicated that there are 2 ways of implementing this - one using the 
of this group' and the other 'this group is a member of'

the latter being preferable on account if it allowing you to add to existing
membership and not overwrite it

it is just that when i come use the GP editor to define the policy for say
GLOBALGROUP1 (as the restricted group), the pick list that i get is that from 

is this just a red-herring in that even though i select 'MYDOM\Administrators' 
will add the GLOBALGROUP1 to the local administrators group of the computer 
that is
processing the policy ?

presumably on account of the domain local administrators group having the same 
as it is what i think is termed 'well known security principal' ??



You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: