On Tue, Jun 30, 2015 at 11:23 AM, Charles F Sullivan <[email protected]> wrote: > Unless I'm misunderstanding, this is the answer: > > You said the servers OU is blocking inheritance, so already the Restricted > Group setting won't apply, which I'm sure you already know, but....
Right ... > I assume you're referencing to the issue where Restricted Groups are > tattooed onto the Registry, so when you move a server into the Servers OU, > it still has the group as a member of Administrators. Yep, exactly. > To resolve that, set a Group Policy Preference Local Users and Groups > setting.... > > Action: Update > Group Name: Administrators (built-in) > Members section: > Name: <domain>\<groupyouwanttoremove> > Action: REMOVE Hmm! I will look into that, sounds like what I want .... Thanks
