Re: [ActiveDir] GPO Restricted Groups gotchas ?

[Kamlesh Parmar]

But then it defeats the purpose of restricted group, as you want to be sure that, only known members are part of the restricted group. If the operation is merge than it is not restricted by definition?

When u ask for merge or append, you are doing some group membership modification. You better use some scripts for that.

 

I would suggest create a separate group of those app servers, and apply group policy with restricted group populated as you want.

Make sure Group Policy is applies to that Group of appservers only. it is must that you Remove "Authenticated Users" group from group policy security.

 

On 9/23/05, Mark Parris <[EMAIL PROTECTED]> wrote:

The biggest gottcha, is that any existing group memberships for groups managed by the restricted group policy are overridden by the restricted group policy – this is my biggest gripe, I wish they would merge\append.

 

Mark

 

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 23 September 2005 06:36
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] GPO Restricted Groups gotchas ?

 

I would like to use restricted groups policies to specifiy local Administrative access to application servers. I am sure this has already been tried. I would like to know how this worked or did not work for those who have tried it  and where there any unexpected gotchas that happened ?

Thank You ! And have a nice day !

**************************************************************
Mark Lunsford
KAISER PERMANENTE

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~