jskfan
asked on
Restricted Group policy
I have a security group in Active Directory called "Local Executives"
I need to create a Restricted group GPO, for Local Administrators group in each PC, so that "Local Executives" group will be member of Local Administrators group in each PC.
However I do not want to delete the Already existing members of the local administrator group. It is kind of adding instead of removing and adding.
any help will be very much appreciated.
Thanks
I need to create a Restricted group GPO, for Local Administrators group in each PC, so that "Local Executives" group will be member of Local Administrators group in each PC.
However I do not want to delete the Already existing members of the local administrator group. It is kind of adding instead of removing and adding.
any help will be very much appreciated.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for illustrating my comment, VB ITS :)
ASKER
VB ITS
Thanks for the screenshot and the wizard walk through...I want just to make sure I understood the procedure.
So in the screenshot you posted above, there are 2 window panels, if I add "Executive Admins" to the top window then all existing members of the local administrators group in workstations will be deleted except for "Executive Admins" that I have added.
if I add "Executive Admins" to the bottom window, then existing members of local administrators group will stay there and "Executive Admins" group will be added.
Correct ?
Thanks for the screenshot and the wizard walk through...I want just to make sure I understood the procedure.
So in the screenshot you posted above, there are 2 window panels, if I add "Executive Admins" to the top window then all existing members of the local administrators group in workstations will be deleted except for "Executive Admins" that I have added.
if I add "Executive Admins" to the bottom window, then existing members of local administrators group will stay there and "Executive Admins" group will be added.
Correct ?
No, if you add Executive Admins to the box above then the policy will attempt to place Executive Admins in the Executive Admins group. This obviously will not work very well!
If you want to replace the membership of the local Administrators group then you would specify Administrators when you go to create the Restricted Group. See below:
In the above scenario, the Administrators group on each workstation will have the group membership replaced so that DOMAIN\User is the only member of the group.
Hope this makes sense.
If you want to replace the membership of the local Administrators group then you would specify Administrators when you go to create the Restricted Group. See below:
In the above scenario, the Administrators group on each workstation will have the group membership replaced so that DOMAIN\User is the only member of the group.
Hope this makes sense.
ASKER
No my Goal is to add Executive Admins Group to Local administrators group on each workstation without deleting the existing members of the local administrators group.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you