Solved

Active Directory: What does 'Restricted Groups' mean?

Posted on 2004-08-24
Last Modified: 2012-05-05
What does 'Restricted Groups' mean and when would it be used?  I haven't been able to get a full understanding of what 'Restricted Groups' is.

The scenario that I have is I want to add a user to their local admin group.  This user should only be a local admin on their PC and any PC that has a specific application on it.  That application requires that the user be in the local admin group.  I have a couple of users in different OUs that need to be in the local admin group of their PC too - for the same reason.

Currently, I've gone to the individuals' PCs and manually added them into the local admin group.  The problem is if they go to another PC with the application on it and they are not in that PC's local admin group, the application will not work.

What's the best approach for handling the above scenario?  I've posted another related question in this forum, but now I'm inquiring in re:'Restricted Groups'.

Thanks.
0
Question by:halfondj
11 Comments
 
LVL 12

Expert Comment

by:Housenet
ID: 11889046
-Are these PCs members of a Domain of which you have a domain admin's credentials?
1. Create a domain group. Add the people you need to do your thing.
2. Remotely manage each of the PCs from one of the DCs and add the group to the local administrators group on the PCs. Another option is to use a script. They exist... I don't have one handy at the moment.

Right clicking on 'My Computer' choosing 'Manage'.
then right-click on local computer & choose connect to another machine
->add the app-admins group to the remote machines administrators group.
0
 

Author Comment

by:halfondj
ID: 11892767
To Housenet: I'm not sure what you are explaining.  I wanted to know what 'Restricted Groups' means and when one should use it.

Thanks.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 11893154
Hello,
No, no.. You asked "What's the best approach for handling the above scenario?"
-I personally think that the definition of a restricted group is evident by the name itself.
0

 
LVL 9

Expert Comment

by:jdeclue
ID: 11894234
Restricted Groups in the GPO allows you to set exactly what the contents of the group are for the computers under that GPO.

So I may set a policy for Restricted Groups like this:
1) Right click on Restricted Groups and add Administrators.
On the right the group will be there now.

2) Right click on the new group Administrators and add Domain Admins and "My group" (a group of your choosing). Pay attention to your options.

3) Next time the computer updates its security policy (if it is in the OU with the policy applied), it will remove all entries from the Restricted group and add the ones you put in it.

J


0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11894263
P.S. If you wanted to use it for your issue, put your users in a group, put their PCs in a container and apply a policy to it which adds Administrators to the Restricted list, and then add the new group and Domain Admins to the group.

J
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11894289
Oops, one more thing, don't forget to add the local administrator.
It would be like this.

administrator
domain\Domain admins
domain\My Group

0
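The replace behaviour described in step 3 above, as an added example that is not part of the original thread: it parses the `[Group Membership]` section that a Restricted Groups setting writes to the GPO's `GptTmpl.inf` and reports which local Administrators entries a PC would lose or gain at the next policy refresh. The domain SID, the RIDs 1234 ("My Group") and 1105 (a hand-added user), and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample of the [Group Membership] section that a Restricted Groups
# setting produces in the GPO's GptTmpl.inf. S-1-5-32-544 is the built-in
# Administrators group; the domain SID and RIDs 1234 and 1105 are made up.
DOM = "S-1-5-21-1111-2222-3333"
SAMPLE_INF = f"""\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = Administrator,*{DOM}-512,*{DOM}-1234
[Version]
signature="$CHICAGO$"
"""

ENTRY = re.compile(r"^(?P<group>.+?)__(?P<kind>Members|Memberof)\s*=\s*(?P<vals>.*)$", re.I)

def parse_group_membership(inf_text):
    """Return {group: {'members': [...], 'memberof': [...]}} from [Group Membership]."""
    policy, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = ENTRY.match(line) if in_section else None
        if m:
            vals = [v.strip().lstrip("*") for v in m["vals"].split(",") if v.strip()]
            policy.setdefault(m["group"].lstrip("*"), {})[m["kind"].lower()] = vals
    return policy

def apply_members(current, enforced):
    """'Members' is a replace: the result is exactly `enforced`. Report the drift."""
    cur = {c.lower(): c for c in current}    # names and SIDs compare case-insensitively
    enf = {e.lower(): e for e in enforced}
    removed = sorted(cur[k] for k in cur.keys() - enf.keys())
    added = sorted(enf[k] for k in enf.keys() - cur.keys())
    return list(enforced), removed, added

def demo():
    policy = parse_group_membership(SAMPLE_INF)
    # Local Administrators on one PC before refresh: RID 1105 was added by hand.
    current = ["administrator", f"{DOM}-512", f"{DOM}-1105"]
    return apply_members(current, policy["S-1-5-32-544"]["members"])

if __name__ == "__main__":
    final, removed, added = demo()
    print("removed:", removed, "added:", added)
```

Anything in `removed` is an account that was granted local admin by hand and will disappear once the policy applies, which is why the enforced list has to name every entry that must stay.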
 

Author Comment

by:halfondj
ID: 11897527
To jdeclue: I'll need to try your recommendation tomorrow.

Thanks.
0
 

Author Comment

by:halfondj
ID: 11959199
To jdeclue:  I still haven't been able to get this working.

Do I need to set up a new OU with only the local computers I want to apply the policy to, then create a GPO for that OU setting the Restricted Groups as what you described previously?

Where does that users' group go?  In that new OU too?

Thanks.
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 500 total points
ID: 11963479
Ahh, yes there is some confusion... The policy is part of the computer configuration, as a result, it only applies to computer objects. So the GPO is placed in an OU, that contains the computers, and not the users. It does not matter where the User Group is located. Let me know if that makes sense, ok.

J
0
 

Author Comment

by:halfondj
ID: 11964913
To jdeclue:  Thanks so much for the reply.  It's all making a lot of sense now.  I did what you suggested and all seems to be working perfectly.

For all your assistance and great explanations, I'm increasing the points to the max.

Thanks again!
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11965152
You are a gentleman, thank you very much! ;) Take Care and Good Luck.

J
0


Question has a verified solution.
