Add a user group as administrators on a single machine

Greetings, I have created a user group in Active Directory (Grp1) and I want to grant the users in this group the privilege as local administrators on a particular machine.  I placed that machine in a separate Organizational Unit in Active Directory and applied a Group Policy Object on that Unit.  In the Group Policy Object, Under ComputerConfiguration>Windows Settings > Security Settings > Restricted Groups, I added a new Group "Administrators" and in the "Administrators Properties" I added "Grp1" in the "Members of this group" box.
My goal is to allow these users of this group to log in as local administrators on the machines inside this Unit ONLY.  Did I approach this in the right way, or did I give them too much permission.  I noticed that they're able to access shared folders on the network where "Grp1" doesn't have security or Permission rights.  Thanks.
ChaffeAsked:
Who is Participating?
 
Jay_Jay70Commented:
Hi Chaffe,

if you are dead set on adding users to the admin group then you have gone about it the right way :)

heres an interesting read with restricted groups so that you know exactly whats happening
http://support.microsoft.com/?id=810076

Cheers!
0
 
ChaffeAuthor Commented:
Jay_Jay70, Thanks for the link.  So with my current approach, I'm not giving these users more than what they need.  I'm just wondering why they're able to access a shared drive that they don't have access to.
0
 
Jay_Jay70Commented:
Chaffe,

i would triple check the actual NTFS permissions on the drive and see what conflicts
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.