Mark- Restricted Groups errors are almost always reflected in the winlogon.log in c:\windows\security\logs. Poke around in there and see what you can find. --Brian
-----Original Message-----
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Tue 4/27/2004 10:28 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [ActiveDir] Help with Restricted Groups
I had posted some questions a week or so ago, which Guido and some others
kindly responded to. ItÃââs still not quite doing what I thought it would do, so
if youÃââll bear with me, IÃââd like to outline my steps and see
whatÃââs wrong.
Three Windows 2000 domains, a root and two subs. A Universal group UnivAdmins
has been created in the root domain. It contains members whose accounts exist in the 2
subdomains.
In each of the 2 subs, I created a Servers OU, and placed some test Win2K SP4
servers in the OU. Then I set up a GPO applied to that OU. Under Computer
Configuration/Windows Settings/Security Settings/Restricted Groups, I did Add Group,
and added my UnivAdmins Group. Then I right-clicked and did Security.
HereÃââs where the confusion comes in: I tried adding
ÃâÅAdministratorsÃâ to the ÃâÅThis group is a member ofÃâ dialog,
with the intention that this would make the Universal group a member of the local
Administrators on each server inside the OU that this GPO applies to. I have waited
for replication, applied secedit /refreshpolicy, tried rebooting the member server,
etc. but the universal group never shows up in the Administrators group of the local
server. Can someone help me out with this?
Thanks!
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity in Everything We Do
<<winmail.dat>>
