RE: GPO Restricted Group for 'Local Admins'
When specifying the local Administrators group type builtin\administrators
rather than going to Browse and selecting Administrators.
RE: GPO Restricted Group for 'Local Admins'
Or use the 'browse', but change the source in the "select objects from..."
box (as long as you are not on a DC at the time, you will get the local
accounts list to choose from)
Don't forget that restricted groups does a rip-and-replace, not a merge.
RE: GPO Restricted Group for 'Local Admins'
Thank U, using 'builtin\Administrators' on a non DC server worked. :-)
Re: GPO Restricted Group for 'Local Admins'
Ok, I can see restrictive groups for the whole domain but how do I get to the one in OU? (Using server 2008)
I used gpedit.msc and can't see restrictive groups when I go in there... Please help, I think I understand the rest, I am just not sure which restrictive groups to put it in...
Re: GPO Restricted Group for 'Local Admins'
Use Group Policy Management Console rather that gpedit.msc. Refer to
http://technet.microsoft.com/en-us/l.../cc759123.aspx
Re: GPO Restricted Group for 'Local Admins'
From the looks of the article, it says not to edit the default domain policy... is the best practice here just to create a new policy for your company and leave the defaults in place? (It's a small shop of about 30 people and only 15 computers).
Re: GPO Restricted Group for 'Local Admins'
That would be my recommendation. It makes it easier to fall back to the
original state in case of problems...
Re: GPO Restricted Group for 'Local Admins'