There are a few ways you can do this. One would be in the restricted group settings, create new group. The name would be the local group of the server so Administartors and "Power Users". Add the local admin account and whatever domain accounts in there. The other way would be to add a Domain Group in the GPO and set that as a member of the local groups. The difference between the two is that the first one will clear the group membership and the second one will just add to the local group. Here are a few links.
http://technet.microsoft.com/en-us/library/cc785631%28WS.10%29.aspx http://www.frickelsoft.net/blog/?p=13 On Fri, Nov 12, 2010 at 12:48 PM, Ziots, Edward <[email protected]> wrote: > For those that have worked with the Restricted Group Functionality in > Windows 2003, Windows 2008 R2. I have the following questions. > > > > I am looking to create some group polices that will affect the local > administrators, power users groups on a set of computer objects (servers) in > particular OU’s. > > > > I am looking at using Restricted Groups to allow this to happen, so my > scenario would be the following. > > > > 1) How to designate the Local administrators group of the > Server/Servers within the GUI of the group policy Object, so I can say that > Group X in Domain X should be a member of the local administrators group > enforced by this group policy which is applied to the OU in which the > computer objects apply. ( Same would go for Power Users). > > > > Any white papers, or KB articles that have been of use in your application > of this feature would be greatfully appreciated, since the management here > needs this to happen in short order. > > > > Please advise, > > EZ > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:[email protected] <email%[email protected]> > > Cell:401-639-3505 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
