I do exactly this, it's awesome.

From: Ziots, Edward [mailto:[email protected]]
Sent: Thursday, October 13, 2011 5:37 AM
To: NT System Admin Issues
Subject: RE: Has anyone tried to add a local account on a server to a 
restrictive Group via GPO?

I will take a look at it today, going to test out my GPO's before putting them 
on the production system. Kinda why I tell folks not to use local accounts, but 
sometimes stuff sneaks through and its typically vendor related.

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505
[cid:[email protected]]

From: Christopher Bodnar 
[mailto:[email protected]]<mailto:[mailto:[email protected]]>
Sent: Wednesday, October 12, 2011 4:42 PM
To: NT System Admin Issues
Subject: Re: Has anyone tried to add a local account on a server to a 
restrictive Group via GPO?

Have you seen this?

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/64d9a801-5281-487c-8d14-1b092c0dffcf/

It looks like you should be able to do this through GPO Restricted Groups, or 
using Preferences.




Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: [email protected]<mailto:[email protected]>
Phone: 610-807-6459
Fax: 610-807-6003



From:        "Ziots, Edward" <[email protected]<mailto:[email protected]>>
To:        "NT System Admin Issues" 
<[email protected]<mailto:[email protected]>>
Date:        10/12/2011 03:38 PM
Subject:        Has anyone tried to add a local account on a server to a 
restrictive Group via GPO?
________________________________



Trying to add a local user to a restrictive groups GPO ( its on the
server for an application) I am wondering if that can even be done (
unless you modify the GPO from the server that has the local account in
question)

As for the local account ( silly Healthcare application, don't ask long
story about inability on vendors part to set proper DCOM permissions)

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

<<inline: image001.jpg>>

Reply via email to