Solved

GPO:  Windows 2008 R2 Local Admin group

Posted on 2014-01-15
7
703 Views
Last Modified: 2014-01-30
Hi All,

I setup a Group Policy around 12 months ago to an AD Group to the local Admins group.  I attached it to our server OU and checked it was working (on a 2003 server).

Recently I noticed it's not applying to any of the 2008 servers.

I followed this guide to the letter

http://www.youtube.com/watch?v=2S8pkW1fZxs

Any ideas?
D
0
Comment
Question by:detox1978
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39782606
Not sure why do you require restricted groups GPO on servers ?
Check group policy settings if its applied to authenticated users in security filtering in GPMC?

Run rsop.msc on affected servers and check if GPO is showing there in rsop output as applied?

If its showing as applied,then you must reboot 2008 servers once in order to apply GPO

Please reboot 2008 servers once to test if it's working and also check event viewer on those servers for any errors

Mahesh
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39782614
I beleive you are referring to Restricted Groups? If so Restricted Groups are compatible with 2003 and 2008. On your 2008 server run rsop.msc and check computer and user configuration properties and make sure that the policies are actually being applied.

Restricted Groups

Will.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39782671
Yes it's restricted groups.  

The policy is not showing as being filtered when I run GPRESULT /R

However the setting does not appear in RSOP.msc
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39782719
It is filtering out probably due to Security Filtering. Can you check the security filtering and make sure that it is set accordingly.

Will.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39782763
It has the same access as the Default Domain Policy.  It also applies successfully to Windows 2003 Servers

Scope
Delegation
0
 
LVL 2

Author Comment

by:detox1978
ID: 39782781
GPRESULT shows it applying

GP RESULT
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39782894
It looks like GPO settings are correct

For windows 2008 try GPO preferences to achieve the same results

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

Check above article and give try, hopefully it should work

You need to run GPMC console from 2008 \ 2008 R2\ win7 machine in order to view GP preferences

Mahesh
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM Active Directory Audit functions 2 28
Exchange 2010 mailbox move 7 51
Distinguished username as email address 4 41
Copy delete file if connection drops. 2 33
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question