Announcement

Collapse
No announcement yet.

Using Restricted Groups in AD Group Policies

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using Restricted Groups in AD Group Policies

    Hello All,

    I have been asked to utilise Restricted Group functionality through AD group Plocies ( Our DC is running on Win Server 2K8 ).

    Does anyone worked on Restricted Groups? If yes, I would like to know the Pro's and Con's of applying this policy.

    Thanks

  • #2
    Re: Using Restricted Groups in AD Group Policies

    You've been asked to use Restricted Groups for what purpose? What's the goal for using them?

    Comment


    • #3
      Re: Using Restricted Groups in AD Group Policies

      Well, i agree with Joe's Question, as in what are you trying to achieve.......?

      To talk about restraicted group policy, it is used to make a certain group/User member of a certain group...

      Like recently on one my XP machine, domain admins grp was taken out of local administrators grp accidently, and we didn't have the pwd for local admin account...so technically we were not able to login as admin on that machine....in that case using the restricted grp policy i again made domain admin part of local admin and that fixed the concern...

      Well this was just an example to explain the things...hope it help

      Karan
      Pledge technologies
      Best Regards,
      Pledge Technologies

      Comment


      • #4
        Re: Using Restricted Groups in AD Group Policies

        Hello,

        To clarify further..

        We have some mischevious users of XP and Vista computers removing the Domain Administrators group from the local Administrators group on their computers. and also we need to have a desktop admin AD group to be placed in the Administrator group of every computer on the network for remote administrative functions.

        This is most common problem we are facing since long time. I work for a medium sized organization, and we have thousands of clients and hundreds of servers that we need to manage. Manually trying to manage all of the local groups on all of these computers is difficult, and almost impossible.

        Hence, this question.

        Comment


        • #5
          Re: Using Restricted Groups in AD Group Policies

          I would highly recommended using this feature, the major benefit with 08 domain, the users in destination group do not get overwritten with user/group from restricted group policy like it did in 03 domain.


          http://www.windowsecurity.com/articl...ed-Groups.html

          Comment

          Working...
          X