Active Directory Group Policy Restricted Groups (EN)
Local groups on workstations and servers in an organization can be managed centrally through Group Policy. One way to do that is to use Group Policy Restricted Groups.

The table below summarizes the memberships that can be updated using Group Policy Restricted Groups:

| | Local Group | Domain Group |
|---|---|---|
| Using “Members” | Local Users, Domain Users, Domain Groups | Not applicable |
| Using “Member Of” | Not Applicable (*) | |

(*) Nesting of local groups is not supported (http://technet.microsoft.com/en-us/library/ee681621(v=ws.10).aspx)

Creation of a new Restricted Groups Group Policy:
To create a new Restricted Groups Group Policy, proceed as follows:
IMPORTANT: Refer to the table that summarizes the memberships that can be updated using Group Policy Restricted Groups before applying the new group policy.

Expected behavior when using a Restricted Groups Group Policy:
When a Restricted Groups Group Policy is used, the following behavior is expected:

| Type of update | Behavior |
|---|---|
| Update of “Members” | Any current member of the group that is not on the “Members” list will be removed (the local Administrator user cannot be removed from the Administrators group even if it is not in the “Members” list). All users / domain groups that are in the “Members” list and are not members of the group will be added as members. |
| Update of “Member of” | The membership is added if it does not exist. |

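The two behaviors in the table above, previewed against a constructed membership snapshot before a policy is linked. This PowerShell is an added example, not code from the original page; the function name `Get-RestrictedGroupPreview`, its parameters and all account names are hypothetical.

```powershell
# Added example, not from the original page. All account names are constructed.
function Get-RestrictedGroupPreview {
    param(
        [string[]]$Current = @(),      # members of the local group today
        [string[]]$Policy = @(),       # "Members" list, or the group set via "Member Of"
        [ValidateSet('Members', 'MemberOf')][string]$Mode = 'Members',
        [string[]]$Protected = @()     # accounts the policy cannot remove
    )
    # Accounts named by the policy that are missing are added in both modes.
    $added = @($Policy | Where-Object { $_ -notin $Current })
    # Only "Members" is authoritative: everything not listed is removed,
    # except protected accounts. "Member Of" never removes anything.
    $removed = @()
    if ($Mode -eq 'Members') {
        $removed = @($Current | Where-Object { $_ -notin $Policy -and $_ -notin $Protected })
    }
    [pscustomobject]@{
        Mode    = $Mode
        Removed = $removed
        Added   = $added
        Result  = @($Current | Where-Object { $_ -notin $removed }) + $added
    }
}

# Constructed snapshot of a workstation's local Administrators group.
# On a real machine: (Get-LocalGroupMember -Group 'Administrators').Name
$current = @(
    'PC01\Administrator',       # built-in local administrator
    'CONTOSO\Domain Admins',
    'CONTOSO\jdoe',             # added by hand for a one-off task
    'PC01\svc_backup'           # local service account not listed in the GPO
)

# "Members": the listed accounts replace the current membership.
Get-RestrictedGroupPreview -Current $current -Mode Members `
    -Policy 'CONTOSO\Domain Admins', 'CONTOSO\Workstation Admins' `
    -Protected 'PC01\Administrator' | Format-List

# "Member Of": CONTOSO\Helpdesk is added to the group, nobody is removed.
Get-RestrictedGroupPreview -Current $current -Mode MemberOf `
    -Policy 'CONTOSO\Helpdesk' | Format-List
```

The `Removed` list from the “Members” run is the one to review before rollout: in this sample it contains both the temporary user and the local service account.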
Microsoft support for Group Policy Restricted Groups:
Description of Group Policy Restricted Groups: http://support.microsoft.com/kb/279301

Tips:
Tip 1: For operational tasks, a user sometimes needs to be added as a member of a local group to perform an action and then removed later. If a Restricted Groups Group Policy manages the members of the local group, the user can be added as a member of the group and will be removed automatically the next time the group policy is re-applied.
Tip 2: To add new domain members to a local group using Group Policy Restricted Groups without removing the current members, you can proceed as follows:
TUNIT © 2011 - MALEK Ahmed