Solved

Restricted Groups Problem

Posted on 2011-09-25
Last Modified: 2012-06-21
Greetings,

I am working with WIN2008 Enterprise active directory.

I recently wanted to make one regular domain user a local admin on certain workstations and I did accomplish that by using Restricted Groups.

The thing now is, I want one more local admin to help the first one. But I did not want the new one to be added to the same Restricted Group which the first one is in.

I went on and made another GPO and named it 2ndlocaladmin and went to Restricted Groups and added a group and named it Administrators inside. And then went to its properties and I added that new domain user to this newly created group.

When I went on to link this GPO to the workstations group wanted, nothing happened.

Neither the domain admin nor the new GPO worked and I had to remove the GPO.

Is there a problem with having two different Restricted Groups GPOs in the same domain, knowing that the two are not applied to the same computers ("workstations") group? Meaning that the two are not linked to the same computers group at the same time; each one is linked to a different computers group.

And what could it be that I am doing wrong here?

Thank you
Question by:ksssg
Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 36595090
I would suggest removing the Restricted Groups GPO and using Group Policy Preferences (GPP) for that. It's much easier to use and it's a newer option since 2008/Win7.

More about this method at
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

If you need to apply GPP to XP/2003 clients, you need to install the Client Side Extension (CSE) first. It can be downloaded from

for XP
http://www.microsoft.com/download/en/details.aspx?id=3628

for 2003
http://www.microsoft.com/download/en/details.aspx?id=6955

or you can push this update from WSUS.

Regards,
Krzysztof

Author Comment

by:ksssg
ID: 36595618
I LOVE YOU iSiek, I LOVE YOU SO MUCH lol. You see, the second I see your nickname I just know I will find an answer, and not any answer, the absolute ONE good answer there lol.

Yep, a True Genius

Thank you so much

Author Closing Comment

by:ksssg
ID: 36595622
What can I say, iSiek is a Genius!

Expert Comment

by:Krzysztof Pytko
ID: 36595653
Thank you for the compliment :)

Krzysztof
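
Added example, not part of the original thread: a Restricted Groups GPO stores its settings in the `[Group Membership]` section of `GptTmpl.inf`, where a `__Members` line replaces a group's membership with the listed accounts and a `__Memberof` line only adds the group to another one. The sketch below audits a constructed sample (the SIDs and the `CONTOSO` name are made up) and reports which settings replace and which merely add to the local Administrators group.

```python
import re

ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
ADMIN_NAMES = (ADMINS_SID.lower(), "administrators")

# Constructed sample of the section a Restricted Groups GPO writes to
# GptTmpl.inf; every SID and the CONTOSO domain name here are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111-2222-3333-1105
CONTOSO\\Workstation Admins__Memberof = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_group_membership(inf_text):
    """Return [(group, mode, [entries])] from the [Group Membership] section."""
    rows, in_section = [], False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        m = re.match(r"^(.*)__(Members|Memberof)\s*=\s*(.*)$", line, re.I)
        if in_section and m:
            group = m.group(1).strip().lstrip("*")
            entries = [e.strip().lstrip("*") for e in m.group(3).split(",") if e.strip()]
            rows.append((group, m.group(2).lower(), entries))
    return rows

def audit(inf_text):
    """Classify each setting that touches the local Administrators group."""
    findings = []
    for group, mode, entries in parse_group_membership(inf_text):
        if mode == "members" and group.lower() in ADMIN_NAMES:
            # Authoritative: the group's membership is replaced by this list.
            findings.append(("REPLACES", group, entries))
        elif mode == "memberof" and any(e.lower() in ADMIN_NAMES for e in entries):
            # Additive: this group is added; existing members are left alone.
            findings.append(("ADDS", group, entries))
    return findings

if __name__ == "__main__":
    for kind, group, entries in audit(SAMPLE_INF):
        print(kind, group, entries)
```

Real `GptTmpl.inf` files in SYSVOL are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `audit`.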