Announcement

Collapse
No announcement yet.

"Restricted Groups" missing from GPO?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • "Restricted Groups" missing from GPO?

    Hi all, I need to tweek 'Restricted Groups' to setup temporary Local Admins for a user across multiple machines, but the instructions say to navigate to "Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups" via gpedit.msc.. but Restricted Groups is not present?... actually there's about 6 groups not there that should be, according to the MS article ive been reading?
    I have 3x2003sp2Domain controllers, same on all of them. AD working fine.. just missing this group to edit!
    Am I missing something or what? Are they added via other options?
    Instructions for what I want to do are covered in http://forums.petri.com/showthread.p...3093#post53093
    Sounds simple, just I can't navigate there.
    Any assistance muchly appreciated
    AJ

  • #2
    Re: "Restricted Groups" missing from GPO?

    Hello,
    As you have a domain you will have to do this through Active Directory Users and Computers rather then via gpedit.msc
    I don't know anything about (you or your) computers.
    Research/test for yourself when listening to free advice.

    Comment


    • #3
      Re: "Restricted Groups" missing from GPO?

      Hey Maebe, thanks for the reply...
      I did investigate that a bit earlier, but couldn't find any folders in Active Directory users and computers?
      I specifically looked for any entry of "restricted Groups" to no avail, then expanded to look for any of the articles mentioned sub folders ie: Computer Configuration -> Windows Settings -> Security Settings.. no go, so I figured gpedit.msc must be the proper way of accessing this..

      If ADU&C is to be used, where does Restricted Groups live in it? I can't find it.
      I have noticed that in "Administrative Tools", there is "Domain security policy" and "Domain controller security policy" and both of these utilities? have sub entries called "restricted groups"... is one of these the right one to use? if so which one?
      hope you or someone has done this in a domain environment and knows.
      again, thanks for the help.
      AJ

      Comment


      • #4
        Re: "Restricted Groups" missing from GPO?

        Hi,
        sorry about that I use a 2000 domain mostly and I use ADUC to manage GPOs.
        If you right click on the OU where the GPO is applied (select Properties and then select the Group Policy tab, here select the policy and then press the Edit button) you should see it where that other post said.
        If you haven't set up an GPOs before then you should find the Default Domain Policy by right clicking on the Domain container itself. If this is the case generally it is better to not edit the Default Domain Policy and to create a new policy on the conainter you actually wish the GPO to be applied to.


        What you have found sounds right actually. I wouldn't use these though as they would edit the default policies which isn't really the best practice. The idea/best practice is to create policies on just the containers you want to have the settings applied to.

        There is a tool in Server '03, the GPMT:http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx which may be better then using ADUC, I'm just in the habit of using ADUC.
        I don't know anything about (you or your) computers.
        Research/test for yourself when listening to free advice.

        Comment


        • #5
          Re: "Restricted Groups" missing from GPO?

          Not sure about the 2000 domain, but for 2003 the GPMC is a must have tool...
          Makes your life a lot easier.

          You can download the latest version of it from the link below:

          http://www.microsoft.com/downloads/d...displaylang=en
          Regards,
          John

          Comment

          Working...
          X