Solved

GPO: Windows 2008 R2 Local Admin group

Posted on 2014-01-15
Last Modified: 2014-01-30
Hi All,

I set up a Group Policy around 12 months ago to add an AD Group to the local Admins group. I attached it to our server OU and checked it was working (on a 2003 server).

Recently I noticed it's not applying to any of the 2008 servers.

I followed this guide to the letter

http://www.youtube.com/watch?v=2S8pkW1fZxs

Any ideas?
D
Question by:detox1978
7 Comments
 
Expert Comment

by:Mahesh
Not sure why you require a Restricted Groups GPO on servers?
Check in the Group Policy settings whether it's applied to Authenticated Users in Security Filtering in GPMC.

Run rsop.msc on the affected servers and check whether the GPO is showing in the RSoP output as applied.

If it's showing as applied, then you must reboot the 2008 servers once in order to apply the GPO.

Please reboot the 2008 servers once to test if it's working, and also check Event Viewer on those servers for any errors.

Mahesh

Expert Comment

by:Will Szymkowski
I believe you are referring to Restricted Groups? If so, Restricted Groups are compatible with 2003 and 2008. On your 2008 server, run rsop.msc and check the computer and user configuration properties and make sure that the policies are actually being applied.

Restricted Groups

Will.

Author Comment

by:detox1978
Yes, it's restricted groups.

The policy is not showing as being filtered when I run GPRESULT /R

However the setting does not appear in RSOP.msc

Expert Comment

by:Will Szymkowski
It is probably being filtered out due to Security Filtering. Can you check the security filtering and make sure that it is set accordingly?

Will.

Author Comment

by:detox1978
It has the same access as the Default Domain Policy. It also applies successfully to Windows 2003 Servers.

Scope
Delegation

Author Comment

by:detox1978
GPRESULT shows it applying

GP RESULT

Accepted Solution

by:Mahesh
It looks like the GPO settings are correct.

For Windows 2008, try GPO preferences to achieve the same results:

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

Check the above article and give it a try; hopefully it should work.

You need to run the GPMC console from a 2008 / 2008 R2 / Win7 machine in order to view GP preferences.

Mahesh
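
One way to confirm whether the policy actually took effect, whichever mechanism delivers it, is to read the local Administrators membership on each server and compare it with the AD group the GPO is meant to add. This is an added example, not part of the original thread; the server names and the group name `Server-Admins` are hypothetical placeholders, and the script uses the WinNT ADSI provider so it also runs under PowerShell 2.0 on 2008 R2.

```powershell
# Added example: audit local Administrators membership across servers.
# Assumptions (not from the thread): the server names and the AD group name below.
$Servers       = @('SRV2003-01', 'SRV2008-01')   # hypothetical server names
$ExpectedGroup = 'Server-Admins'                 # hypothetical AD group the GPO should add

function Get-LocalAdminMember {
    param([string]$ComputerName)
    # The WinNT provider needs no extra modules on 2003 / 2008 / 2008 R2.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.Invoke('Members'))) {
        # Members are COM objects; ADsPath looks like WinNT://DOMAIN/Name
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

foreach ($server in $Servers) {
    try {
        $members = @(Get-LocalAdminMember -ComputerName $server)
        # True when any member's path ends in \<expected group name>
        $present = @($members | Where-Object { $_ -like "*\$ExpectedGroup" }).Count -gt 0
        New-Object PSObject -Property @{
            Server               = $server
            ExpectedGroupPresent = $present
            Members              = ($members -join '; ')
        }
    } catch {
        # Unreachable host or access denied: report it instead of silently skipping
        New-Object PSObject -Property @{
            Server               = $server
            ExpectedGroupPresent = $null
            Members              = "ERROR: $($_.Exception.Message)"
        }
    }
}
```

A server where `ExpectedGroupPresent` is False while GPRESULT lists the GPO as applied is the mismatch described in this thread; the `Members` column also shows any unexpected accounts holding local admin rights.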