You can't use it Rocky. You hit the nail on the head with "built-in". It has a well known SID (S-1-5-32-555) which has no domain affinity so adding that to a member machine is useless as the member machine would not be able to chase it back to anything. I.E. If you have a forest with 4 domains and you were able to add that group from Domain1, how would the member know it wasn't actually from Domain2 or Domain3 or Domain4? Answer... It wouldn't, the SID is the same for all of them.
It is just another reason to try and avoid use of the builtin groups as much as you can and creating and using your own specific groups. You see this question in the newsgroups a lot but it is usually around Server Operators... i.e. I have people that are server operators on the domain and I want them to have rights on the members when I try to do xyz with the server operator group it doesn't work... joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Thursday, January 11, 2007 12:55 PM To: [email protected] Subject: [ActiveDir] Win 2000 Remote Desktop Users Guys, I am trying to add the Remote Desktop Users group (Builtin Domain Local Group) to the Power Users group on my Windows 2000 Server SP4 Terminal Server. I can't. I can't navigate to it, I can't see it. Would anyone be able to tell me why? I would be grateful. _____________________________ Rocky Habeeb Microsoft Systems Administrator James W. Sewall Company Old Town, Maine Voice: 207.827.4456 Ext. 387 Email: [EMAIL PROTECTED] www.jws.com _____________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
