Solved

Local user account management using Group Policy

Posted on 2008-06-26
2
616 Views
Last Modified: 2013-12-04
Hi Experts,

there is a problem I keep coming across on my network which I think stems from a fundamental misunderstanding of how group policy works with local user accounts.

Numerous software packages I install have failed to restart their appropriate services because the default user account they created at setup is removed or does not have the appropriate privileges in our AD domain.

I have read a lot of information on the internet but cannot find a decent explanation of local user account management with group policy.

Can anyone recommend a decent web site, whitepaper, tutorial or book which will help my understanding of this subject?

I've assigned 500 points to the question because I hope you'll be able to recommend lots of good resources and so I'll have to split the points!

Many thanks for all help offered

Andrew
0
Comment
Question by:Synergix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
coolsport00 earned 500 total points
ID: 21873815
Funny you ask this...there is a website (www.gpoguy.com) that you can inquire things and, most of all, get on a listserve, to answer these and various GP-related questions. This question came up just about a week ago. In my experience, and in my org, I have local accts set via GP. What I have in my policies overwrite the default. But, according to Jamie Nelson & Darren Mar-Elia (the "gpo guy"), there is a way to "add" users to the local acct.

This is what Darren wrote in his email reply to this question:
"There are two sides to Restricted Groups. If you open the dialog you see Members of this Group at the top and This group is a member of at the bottom. So, lets say you wanted to add the Help Desk Admins group to the local Administrators group on a set of workstations. You would right-click the Restricted Groups node, choose Add Group and enter in or browse Help Desk Admins. Then, in the This group is a member of dialog, you would add the local Administrators group and, voilá!"

While I have gained great knowledge from using this site, I completely recommend getting on that listserver from GPOGUY.COM as it is also amazing. Darren actually writes books for Microsoft on GPOs so you could say he knows his stuff. :)

Hope that helps you.
Regards.
~coolsport00
0
 

Author Comment

by:Synergix
ID: 21914887
Thanks a lot for the reply Coolsport. I've joined that mailing list and am finding it very useful. You'll see some questions from me in the near future I think!

All points are yours as no one else has bothered to reply!

Many thanks

Andrew
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Event ID 29 KDC Win 2008 R2 DC 6 22
TLS 1.0 & Windows 7 - How to disable? 16 123
Fraud Email 11 41
Active Directory 2012 - How do I find the SID of a recently deleted user? 4 32
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question