You have read it correctly, as I understand it as well. With restricted groups, even if you do not include "Administrator" in the list of members of "Administrators" in your GPO, the local account "Administrator" on the workstation will still have full admin access to the machine.
/aaron Salandra, Justin A. wrote: > If I was to modify a GPO and put in a Restricted Group on my workstation > GPO to control the Administrators Local Group would it remove all that > is in the group currently including the Administrator of the Local PC? > I read somewhere that Restricted Groups will not remove the > Administrator no matter what even if you don't include it in the group. > > If I was to just show Administrator with no domain affiliation then this > would be translated to the local Administrator account, correct? > > Justin A. Salandra > MCSE Windows 2000 & 2003 > Network and Technology Services Manager > Catholic Healthcare System > 212.752.7300 - office > 917.455.0110 - cell > [EMAIL PROTECTED] > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > -- Aaron Steele Enterprise Systems Administrator e:[EMAIL PROTECTED] p:773.834.9099 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
