Re: problem with "Restricted Groups" within a GPO linked to my domain.
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 22 Jan 2006 02:39:58 -0600
Restricted Groups does not prevent a user that can add members to a RG from
doing so. What RG will do however is to enforce membership of the RG at the
next Group Policy computer configuration refresh which for a domain
controller is no more then five minutes by default or you can force a
refresh at which time you should see the unauthorized user removed from the
RG. --- Steve
"Gregory Mode" <GregoryMode@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E0CA82E-5DDB-42E0-AC39-29934002A5F3@xxxxxxxxxxxxxxxx
> I'm currently trying to set up "Restricted Groups" in my domain and I'm
> having problems (I think).
>
> From my understanding, when I define a group(s) within the "Restricted
> Groups" for a policy (that policy being linked to the domain, *enforced
> and
> *enabled) that group can no longer be modified (users cannot be added nor
> removed from that group in 'Active Directory Users and Computers' mmc).
>
> I defined 'Enterprise Admins' within "Restricted Groups," and for the
> Enterprise Admins, I defined one administrator user as a member of. I
> restarted the Server to have the policy take effect, signed on as totally
> different user with administrator privileges, and with that user account
> was
> able to add any user to the 'Enterprise Admins' group.
>
> What am I missing?
>
.
- Prev by Date: Re: How can a User force logoff of another User
- Next by Date: Re: problem with "Restricted Groups" within a GPO linked to my domain.
- Previous by thread: Re: shutdown logfile
- Next by thread: Re: problem with "Restricted Groups" within a GPO linked to my dom
- Index(es):
Relevant Pages
|
