Restricted Group Problem My Scenario and problem..what am i doing


Post by Qm9va2VyV » Wed, 30 Aug 2006 06:41:01


On my XP box with GPMC installed, I setup a GPO as follows

1. Open up a GPO
2. Within Computer Configuration, Restricted Groups, I click to Add Group
3. Click Browse, choose Local Computer Name, choose Administrators Group
4. When the Administrators Group Properties box pops up, on the members of
this group, I add Domain admins, another domain group, and then I choose the
local computer name and add the renamed account that we use on all of our
local boxes that is the built in administrator account

5. I do not edit or change anything in the "This group is a member of" section

6. I then click Apply and OK

7. Next, I go into the properties of the GPO itself, the scope, details,
settings and delegation tabs

8. On the scope, I remove authenticated users and add a domain testuser,
and the domain admins group

9. Inside of Delegation, testuser has read/apply GP permission and domain
admins has R/W and Apply group Policy, etc...


When I go to the computer that this GPO is linked to (Linked to the OU that
the computer is in), no matter who I log on as.. testuser or a domain admin,
in the Policy Summary, for my restricted Group GPO, it shows in the Denied
GPOs.. reason denied: Inaccessible!!


What gives!!??

Thanks
 
 
 


Post by briande » Wed, 30 Aug 2006 08:55:16

Hi,

Restricted Groups applies to the computer and not to a specific user. So,
if you wish to security filter the policy you must filter it based on
computer accounts. The computers you wish to apply this policy must have
Read and Apply Group Policy Permissions. Normally, the computer accounts
get these permissions via the Authenticated Users group.


Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
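
The security filtering described in the reply above, as an added example that is not part of the original thread. It uses the GroupPolicy PowerShell module from later GPMC/RSAT releases (not the XP-era tooling the thread was written against); the GPO name and computer group name are hypothetical placeholders.

```powershell
# Added example: make a computer-side GPO (Restricted Groups) apply when
# Authenticated Users has been removed from its security filtering.
# Assumptions: both names below are hypothetical; substitute your own.
$GpoName       = 'Restricted Groups - Local Admins'   # hypothetical GPO name
$ComputerGroup = 'RG-Target-Computers'                # hypothetical AD group holding the computer accounts

Import-Module GroupPolicy

# 1. Show the current filtering: who holds which permission on the GPO.
$perms = Get-GPPermission -Name $GpoName -All
$perms |
    Select-Object @{n='Trustee'; e={ $_.Trustee.Name }},
                  @{n='Type';    e={ $_.Trustee.SidType }},
                  Permission |
    Format-Table -AutoSize

# 2. Check whether the computer group already has Read + Apply Group Policy.
#    GpoApply is the permission level that grants both rights.
$hasApply = $perms | Where-Object {
    $_.Trustee.Name -eq $ComputerGroup -and $_.Permission -eq 'GpoApply'
}

# 3. Grant it if missing. User and admin trustees stay as they are; they do
#    not make a Computer Configuration setting apply to the machine.
if (-not $hasApply) {
    Set-GPPermission -Name $GpoName `
                     -TargetName $ComputerGroup `
                     -TargetType Group `
                     -PermissionLevel GpoApply | Out-Null
    Write-Output "Granted Read/Apply on '$GpoName' to '$ComputerGroup'."
} else {
    Write-Output "'$ComputerGroup' already has Read/Apply on '$GpoName'."
}

# 4. On the target computer: restart if it was newly added to the group
#    (so its logon token includes the membership), then run gpupdate /force
#    and re-check the policy summary for the GPO.
```

Filtering on a dedicated computer group keeps the Restricted Groups setting scoped to the intended machines instead of every computer in the linked OU.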