Look for "member of" instead of "members"
The two properties are Members and Member Of. The Members list defines who belongs and who does not belong to the restricted group. A group can be a member of groups other than those listed in the Member Of section. The Member Of section simply ensures that the restricted group is added to the groups listed in Member Of. It does not remove the group from other groups of which it is a member. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. From: Ehren Benson [mailto:[EMAIL PROTECTED] Sent: Monday, June 16, 2008 2:04 PM To: Active Directory Admin Issues Subject: GPO to add a group to all configured systems and LEAVE all groups currently in place. Hello! I have a GPO that is set to add a group called "helpdesk" as a member of the Builtin\Administrators group on the systems for which the GPO is configured. It does do this, however it REMOVES every other user or group that is already configured and replaces it with "helpdesk" which is not useful for the people who use the computers and need the admin privilege on it. Is there a setting I am not finding that will just 'append' the "helpdesk" group to the list of BUILTIN\Administrators instead of 'replacing' everything? It is currently configured under: Computer Configuration --Windows Settings ----Security Settings ------Restricted Groups --------Group:BUILTIN\Administrators | Members: PHY-AST\Helpdesk Thanks! Ehren J. Benson, MCSE Windows Systems Administrator Department of Physics and Astronomy Michigan State University 1209 A Biomed Phys Sci [EMAIL PROTECTED] 517-884-5469 ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
