Re: local admin-rights

From: maestro (maestro@pcvo-meetjesland.be)
Date: 12/03/02 

From: "maestro" <maestro@pcvo-meetjesland.be>
Date: Tue, 3 Dec 2002 11:35:53 +0100

I was to fast in my reaction, when the GP refreshed(+/- 90min.) it worked as
it should work!
Still I don't understand what the option 'this group is a member of' does on
the window 'configure membership for administrators' in the new added
restricted group

 Tx.

"maestro" <maestro@pcvo-meetjesland.be> schreef in bericht
news:O7DCMhqmCHA.2312@TK2MSFTNGP08...
> Tx for the response.
>
> I created a new OU, moved a computer to that OU , added a policy to that
OU
> and modified it by adding the group 'Administrators' to the restricted
> groups.
> I then added user 'jhon' as a member of that restricted group, also I
added
> the 'Administrators' as a member of that group(don't understand what that
> does).
> And if I logon to the computer, I still don't have local admin rights.
>
> Close but no sigar.........
> Nico.
>
> "Arild Bakken" <arildb_@hotmail.com> schreef in bericht
> news:eFfhI2jmCHA.1216@tkmsftngp02...
> > maestro wrote:
> > > How can I configure it so that a OU has admin-rights on the machine's
> > > they logon to other then manually add them to the local-admin group(I
> > > have to do this on 150 systems).
> > > I heard something about restricted groups but I played a bit with it,
> > > but not a good result so far.
> > >
> > > Tx.
> >
> > Hi,
> >
> > Group Policy with restricted groups should do the trick. Add the group
> > policy to the OU that the computer resides in, since this policy applies
> to
> > the computer, and not the user. Add the "Administrators" group in the
> > restricted group section, and define the users that are to be members of
> the
> > local administrators group. Remember that this will override any
manually
> > added members each time the policy is reapplied.
> >
> >
> > Arild
> >
> >
>
>

Relevant Pages

  • Re: Restricted Groups not taking effect right away
    ... Enable UserEnv.Log logging of policies and profiles (This policy enables ... We're trying to remove local administrator rights from machines, ... I created a GPO that adds the "NL7Pilot" group as a member of the Local ... Administrators group through Restricted Groups, ...
    (microsoft.public.win2000.group_policy)
  • Re: Group Policy
    ... member server with *no* other roles on the network. ... regardless of their own inherited user policy settings). ... that shouldn't apply to administrators. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy
    ... you should be running Terminal Services on a dedicated member server ... user policy settings). ... and it wouldn't affect your administrators. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Administrator group on local machines
    ... Add "Administrators" to the list of Restricted Groups within Group Policy. ... Add only the users/groups that you want to be a member of the group, ...
    (microsoft.public.win2000.group_policy)
  • Re: Local Admin on desktops
    ... add the user accounts that you want to be administrators on the workstations to this group ... "The Member Of list specifies groups in which the restricted group is ... If you remove a group from the Member Of list, the restricted group is ... administrators) without giving them Domain Admin privelidges? ...
    (microsoft.public.windows.server.active_directory)