Announcement

Collapse
No announcement yet.

Resticted Groups problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Resticted Groups problem

    Im trying to give certain users access to the local administrators group. ive searched the internet and tried all solutions to no avail. Im thinking maybe its the way im trying to do it.

    my basic AD tree structure.
    Code:
    DOMAIN.COM
       Builtin
       Computers
       COMPANY NAME
            Office1
                <Some Users>
            Office2
                <Some Users> 
            Office3
                <Some Users>
       Security Groups
                <Group1>
                <Group2>
    I have created a GPO and linked in to the OU "Company Name"

    The GPO security filtering is set too Group1

    The GPO has a restricted group set for "Administrators" with "Members" Domain.com\Group1 and
    Admin

    From this setup i thought that any user who was a member of Group1 would be a local administrator.

    I know the GPO has been applied by running "gpresult"(also other attributes of the GPO have applied)

    And if i manually add the group to the local machine by running:
    net localgroup "administrators" "domain.com\group1" /add

    This works and the users who are a member of Group1 can perform admin tasks.

    Am i setting up my tree the wrong way?

    Thanks for any help
    Last edited by j_hall; 25th February 2008, 16:45.

  • #2
    Re: Resticted Groups problem

    I found ths really useful, and it got my Local Administrators group working a treat with the domain users: http://forums.petri.com/showthread.p...omain%20Admins
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

    Comment


    • #3
      Re: Resticted Groups problem

      I have no way of verifying this ATM, but your policy should be linked to the OU that contains your computers. Try running a gpresult on of the machines.
      Technology is only as good as those who use it

      My tech blog - wiredtek.wordpress.com

      Comment


      • #4
        Re: Resticted Groups problem

        Originally posted by wiredteknologies View Post
        I have no way of verifying this ATM, but your policy should be linked to the OU that contains your computers. Try running a gpresult on of the machines.
        This is my first AD environment so im just learning. Does this mean its best practice to move all computers from the container "Computers" into a seperate OU then link the GPO to this OU?

        Comment


        • #5
          Re: Resticted Groups problem

          Yes...........

          Regards,
          Kapil Sharma
          ~~~~~~~~~~~~~
          Life is too short, Enjoy It.

          Comment


          • #6
            Re: Resticted Groups problem

            Check this out for some best practices:

            http://www.windowsnetworking.com/art...up-Policy.html
            Technology is only as good as those who use it

            My tech blog - wiredtek.wordpress.com

            Comment

            Working...
            X