Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 564
  • Last Modified:

Understanding Restricted Groups in GPO

If I understand Restricted Groups can be set up only through Group Policy.
So if I have a group of users named HelpDeskUsers in ADUC that I need to  make member of every local administrators group in each domain computer. then if I add a new member to HelpDeskUsers group from ADUC console, will GPO update that group with the new member ? Or each time I need to add new member I will have to do it from the Gpedit console and drill down to Restricted Groups ?

another point, If Local administrators group in each computer already has other groups, will the GPO delete them all them and add only the HelpDeskUsers.

This example is just when adding a user group to local administrators group in domain computers.
I wonder if all local groups shown in the screenshot will have the same mapping in Active Directory.
I do not see configMgr Remote control users in AD

1 Solution
Tim EdwardsIT Team Lead - Unified Communications & CollaborationCommented:
The groups that you see are not set by Active Directory, these groups are local groups on each machine. You can create a local group manually if you would like and set the appropriate permissions, then add users to that group.

What you are looking to do by the sounds of your questions is to create security group ADUC, add your users to it, then you will want to create a Group Policy that adds your security group to your local administrators group.

Once the group has been created you will need to link with with an OU, in your case computers. Any computer/server that is in the computers OU next time it gets the gpupdate will add your security group to the local administrators group.

Moving forward all you need to do is add a user to the security group for them to get the ability to be a local admin, or remove the user from the group to revoke the permissions.

A quick little video on how to accomplish this:

jskfanAuthor Commented:

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now