[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

What are Restricted Groups in ADS.?

Posted on 2007-10-15
5
Medium Priority
?
483 Views
Last Modified: 2008-05-31
Hi,

What are Restricted Groups in ADS.?.Where all can they be used.Some examples.
No links please...
Regards
Sharath
0
Comment
Question by:bsharath
  • 2
  • 2
5 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 600 total points
ID: 20078808
restricted groups are groups which the membership of is restricted to specified users. You can specify that a restricted group contains anothjer group of users for example. If you do then that it becomes a member of that group and cannot be removed.

This is explained (much better than I can) at http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 1400 total points
ID: 20078914
Restricted groups allow you to set one GPO which allows you, to some extent, to maintain the local groups of PCs via GPO. For example, if your users are renowned for removing the Domain Admins group from their machine's local Administrators group (which obviously means a domain admin can't remote in to the machine, loses their permissions as a local admin) then you could set with restricted groups that the Domain Admins group is always a member of the Administrators group. This prevents users from removing it, or if they do manage to remove it the GPO will be reevaluated quickly and the group would be added back in.

Hope this helps

-tigermatt
0
 
LVL 11

Author Comment

by:bsharath
ID: 20079045
Tigermatt is this option only for this purpose or is there any other purpose we can use the restricted groups for.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20079062
You can use it for any purpose where you need to control the local groups on a domain machine. It could be used in many other scenarios too, another example I can think of is if you have a custom group which needs to be a member of the Power Users group on some servers. Since its GPO, you can use filtering and link them with OUs to control which machines should get the settings and which ones don't.

The purpose I specified is just one common example of its use.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20079091
Thanks
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question