How do I get Restricted Groups to be real time?

From: Todd (Todd_at_discussions.microsoft.com)
Date: 02/08/05 

Date: Tue, 8 Feb 2005 12:05:03 -0800

I have a question regarding Restricted Groups...

I am trying to make the changes that I've set for Restricted Groups to be as
close to real time as possible. We had another user created today and the
user was added to the built in administrators group by a ghost admin...refer
to an alternate post for the whole story if you're interested...titled
"Security Breach in AD" from 02/07/05

Anyway...In about 5 minutes the user was removed from the built in admin
group as I have configured with Restricted Groups. Trying to make it real
time security, I have changed the default domain policy, the default domain
controller policy, and the local machine policy all to reflect the following
changes trying to make this a real time restriction:
I have enabled the... refresh interval for computers to 0, refresh interval
for domain controllers to 0 for the computer group policies
as well as the refresh interval for users to 0 for the user group policies.
I obviously do not know what I am doing since I don't know what Group policy
to apply and on what interface to get my desired results.

Please help!

thanks

Todd

Relevant Pages

  • Re: How do I get Restricted Groups to be real time?
    ... "Todd" wrote in message ... > close to real time as possible. ... > group as I have configured with Restricted Groups. ... > controller policy, and the local machine policy all to reflect the ...
    (microsoft.public.win2000.security)
  • Re: Want to add users to their local Admin group
    ... You can accomplish this using Restricted Groups feature of the Group Policy. ... policy - you control its membership ultimately - meaning, ... while Domain wide being part of the Domain Users. ...
    (microsoft.public.windows.server.active_directory)
  • Re: remove local admin rights
    ... I have set up a policy to make all domain users Local Admins - I ... users have remained in the local Admin group... ... Double-click Startup, click Add ... Restricted groups are useful sometimes but I'm old fashioned and prefer the ...
    (microsoft.public.windows.group_policy)
  • Re: How do I get Restricted Groups to be real time?
    ... It is the Computer policy refresh that applies the Restricted group defs. ... LAN local DCs situation). ... > group as I have configured with Restricted Groups. ...
    (microsoft.public.win2000.security)
  • Re: Help with my WMI
    ... You could use the "Restricted Groups" policy to add members to a "Restricted ... > I would like my script to Add a specified group to the pc's Local Admin ...
    (microsoft.public.win2000.group_policy)