Yes -- I've done that, and that's how it worked for me.


From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 26, 2006 5:23 PM
To: [email protected]
Subject: RE: [ActiveDir] Question on "restricted group" policy.

This somewhat depends upon which side of Restricted Groups you're using (i.e. "Members of this Group" or "This group is a member of"). If its the former, and you clear out the users in the list but leave the local Administrators group under control, then it will clear out the members of that local Admin group on the target machines (but will leave the local Administrator account in (always)). If the latter, and you clear out the members of the group, I think what you will find is that those users/groups are simply left in the group that you made them members of. If you simply delete or unlink the GPO, then the groups should be left the way they were before you deleted/unlinked it (i.e. the group membership changes do not get unapplied in the case of restricted group policy).
 
Darren
 
Darren Mar-Elia
For comprehensive Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO FAQs, video training, tools and whitepapers. Also check out the Windows Group Policy Guide, the definitive resource for Group Policy information.
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky
Sent: Wednesday, July 26, 2006 4:08 PM
To: [email protected]
Subject: [ActiveDir] Question on "restricted group" policy.

Hey,
 
   Created a restricted group policy for my domain that's adds some groups to the local administrators group of the workstations. My question is now management wants me to delete it. If I understand the way this works is that if I delete it then it will delete the groups that were associated with this policy thus leaving nobody in the local admin group. Am I correct...
 
v/r
john
 

Reply via email to