Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

restricted groups not working

Posted on 2010-08-23
5
Medium Priority
?
756 Views
Last Modified: 2013-12-04
Hi,
Windows 2003 DC with XP computers.
We've added users that we need to give Local admin rights to XP computers.  We added them to the GPO and linked it to the OU's where the computers reside.   They're being applied to the computer configuration.
We see the GPO present in the computer configuration properties of rsop.msc, but still don't seen them applied (we don't see the users in the administrators group).    
Any suggestions?  
0
Comment
Question by:seven45
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 375 total points
ID: 33502694
Can you take a screenshot of the GPO (if you can)   Sounds like you did everything right.  Florian also has a really good entry
http://www.frickelsoft.net/blog/?p=13
Any errors in the event logs on the machines telling you that the GPO didn't apply?
Thanks
Mike
0
 
LVL 16

Assisted Solution

by:Ady Foot
Ady Foot earned 375 total points
ID: 33502700
Hi,

Sounds like you've configured this properly but just to be sure, please check through the following guide:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

Once confirmed please let me know.  It's probably a nesting issue if the instructions above don't help.

Regards,

Ady
0
 

Author Comment

by:seven45
ID: 33641685
What port do the GPO's use?
Using rsop.msc, I do see the gpo being applied, but i dont see the group added into the Local users and groups of the Local computer.  
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33641782
ports are listed within this document  http://support.microsoft.com/kb/832017
 
0
 

Author Closing Comment

by:seven45
ID: 33789949
Although my problem isn't completely solved, I don't have access to the client for another month---I'll test the above, and if it still presents itself as an issue, I'll create a new question.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question