Re: local admin-rights

From: Arild Bakken (arildb_@hotmail.com)
Date: 12/05/02 

From: "Arild Bakken" <arildb_@hotmail.com>
Date: Thu, 5 Dec 2002 23:09:48 +0100

Yeah, the policies take some time to refresh. You can force it though:

  secedit /refreshpolicy machine_policy /enforce

should do the trick whenever you change a policy and don't want to wait or
reboot the computer.

Arild

maestro wrote:
> I was to fast in my reaction, when the GP refreshed(+/- 90min.) it
> worked as it should work!
> Still I don't understand what the option 'this group is a member of'
> does on the window 'configure membership for administrators' in the
> new added restricted group
>
> Tx.
>
> "maestro" <maestro@pcvo-meetjesland.be> schreef in bericht
> news:O7DCMhqmCHA.2312@TK2MSFTNGP08...
>> Tx for the response.
>>
>> I created a new OU, moved a computer to that OU , added a policy to
>> that OU and modified it by adding the group 'Administrators' to the
>> restricted groups.
>> I then added user 'jhon' as a member of that restricted group, also
>> I added the 'Administrators' as a member of that group(don't
>> understand what that does).
>> And if I logon to the computer, I still don't have local admin
>> rights.
>>
>> Close but no sigar.........
>> Nico.
>>
>> "Arild Bakken" <arildb_@hotmail.com> schreef in bericht
>> news:eFfhI2jmCHA.1216@tkmsftngp02...
>>> maestro wrote:
>>>> How can I configure it so that a OU has admin-rights on the
>>>> machine's they logon to other then manually add them to the
>>>> local-admin group(I have to do this on 150 systems).
>>>> I heard something about restricted groups but I played a bit with
>>>> it, but not a good result so far.
>>>>
>>>> Tx.
>>>
>>> Hi,
>>>
>>> Group Policy with restricted groups should do the trick. Add the
>>> group policy to the OU that the computer resides in, since this
>>> policy applies to the computer, and not the user. Add the
>>> "Administrators" group in the restricted group section, and define
>>> the users that are to be members of the local administrators group.
>>> Remember that this will override any manually added members each
>>> time the policy is reapplied.
>>>
>>>
>>> Arild

Relevant Pages

  • Re: Restricted Groups not taking effect right away
    ... Enable UserEnv.Log logging of policies and profiles (This policy enables ... We're trying to remove local administrator rights from machines, ... I created a GPO that adds the "NL7Pilot" group as a member of the Local ... Administrators group through Restricted Groups, ...
    (microsoft.public.win2000.group_policy)
  • Re: local admin-rights
    ... Still I don't understand what the option 'this group is a member of' does on ... > and modified it by adding the group 'Administrators' to the restricted ... > I then added user 'jhon' as a member of that restricted group, ... >> Group Policy with restricted groups should do the trick. ...
    (microsoft.public.win2000.security)
  • Re: Termserv loses security settings each night
    ... It is a member server in a single-domain forest. ... Domain Security Policy might be the key - see below. ... By default, members of the Remote ... I got it working today by adding a GPO ...
    (microsoft.public.win2000.termserv.apps)
  • Re: Group Policy
    ... member server with *no* other roles on the network. ... regardless of their own inherited user policy settings). ... that shouldn't apply to administrators. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group Policy
    ... you should be running Terminal Services on a dedicated member server ... user policy settings). ... and it wouldn't affect your administrators. ...
    (microsoft.public.windowsxp.security_admin)