restricted group

  • Thread starter Thread starter brian v
  • Start date Start date
B

brian v

What is the restricted group that is visible in regedt32
hklm permissions. These are the default permissions !

In a domain I can also add this group to NTFS file
permission, but only from the domain, not from the local
machine.

Is this in any way related to the restricted groups that
can be created in group policy ?

Thanks
Brian
 
Brian,

The "RESTRICTED" group is a special built in group. It is really just a
SID placeholder that is reserved for future use.

The restricted groups in GPOs are different and have nothing to do with the
RESTRICTED group. The "Restricted Groups" in a GPO allow an administrator
to control user account memberships and restricted group membership in
other groups.
It is outlined in detail in KB 228496:
http://support.microsoft.com/?id=228496.

Hope that helps.

blim
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| >Content-Class: urn:content-classes:message
| >From: "brian v" <[email protected]>
| >Sender: "brian v" <[email protected]>
| >Subject: restricted group
| >Date: Tue, 2 Dec 2003 16:26:52 -0800
| >Lines: 12
| >Message-ID: <[email protected]>
| >MIME-Version: 1.0
| >Content-Type: text/plain;
| > charset="iso-8859-1"
| >Content-Transfer-Encoding: 7bit
| >X-Newsreader: Microsoft CDO for Windows 2000
| >Thread-Index: AcO5NCXZOwN0/nUQT1+1is44J3LgyA==
| >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| >Newsgroups: microsoft.public.windowsxp.security_admin
| >Path: cpmsftngxa06.phx.gbl
| >Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.security_admin:100610
| >NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
| >X-Tomcat-NG: microsoft.public.windowsxp.security_admin
| >
| >What is the restricted group that is visible in regedt32
| >hklm permissions. These are the default permissions !
| >
| >In a domain I can also add this group to NTFS file
| >permission, but only from the domain, not from the local
| >machine.
| >
| >Is this in any way related to the restricted groups that
| >can be created in group policy ?
| >
| >Thanks
| >Brian
| >
 
Ben, is the restricted group "SID placeholder" actually
documented anywhere ?

Thanks
Brian
 
Brian,

It's mentioned in KB 243330 http://support.microsoft.com/?id=243330.
Hope that helps.

blim
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| >Content-Class: urn:content-classes:message
| >From: "brian v" <[email protected]>
| >Sender: "brian v" <[email protected]>
| >References: <[email protected]>
<[email protected]>
| >Subject: RE: restricted group
| >Date: Wed, 3 Dec 2003 05:51:09 -0800
| >Lines: 69
| >Message-ID: <[email protected]>
| >MIME-Version: 1.0
| >Content-Type: text/plain;
| > charset="iso-8859-1"
| >Content-Transfer-Encoding: 7bit
| >X-Newsreader: Microsoft CDO for Windows 2000
| >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| >Thread-Index: AcO5pIFQC5jT+uoWSpWm7rtpM8NYhg==
| >Newsgroups: microsoft.public.windowsxp.security_admin
| >Path: cpmsftngxa06.phx.gbl
| >Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.security_admin:100742
| >NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| >X-Tomcat-NG: microsoft.public.windowsxp.security_admin
| >
| >Ben, is the restricted group "SID placeholder" actually
| >documented anywhere ?
| >
| >Thanks
| >Brian
| >>-----Original Message-----
| >>Brian,
| >>
| >>The "RESTRICTED" group is a special built in group. It
| >is really just a
| >>SID placeholder that is reserved for future use.
| >>
| >>The restricted groups in GPOs are different and have
| >nothing to do with the
| >>RESTRICTED group. The "Restricted Groups" in a GPO allow
| >an administrator
| >>to control user account memberships and restricted group
| >membership in
| >>other groups.
| >>It is outlined in detail in KB 228496:
| >>http://support.microsoft.com/?id=228496.
| >>
| >>Hope that helps.
| >>
| >>blim
| >>This posting is provided "AS IS" with no warranties, and
| >confers no rights.
| >>--------------------
| >>| >Content-Class: urn:content-classes:message
| >>| >From: "brian v" <[email protected]>
| >>| >Sender: "brian v" <[email protected]>
| >>| >Subject: restricted group
| >>| >Date: Tue, 2 Dec 2003 16:26:52 -0800
| >>| >Lines: 12
| >>| >Message-ID: <[email protected]>
| >>| >MIME-Version: 1.0
| >>| >Content-Type: text/plain;
| >>| > charset="iso-8859-1"
| >>| >Content-Transfer-Encoding: 7bit
| >>| >X-Newsreader: Microsoft CDO for Windows 2000
| >>| >Thread-Index: AcO5NCXZOwN0/nUQT1+1is44J3LgyA==
| >>| >X-MimeOLE: Produced By Microsoft MimeOLE
| >V5.50.4910.0300
| >>| >Newsgroups: microsoft.public.windowsxp.security_admin
| >>| >Path: cpmsftngxa06.phx.gbl
| >>| >Xref: cpmsftngxa06.phx.gbl
| >>microsoft.public.windowsxp.security_admin:100610
| >>| >NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
| >>| >X-Tomcat-NG: microsoft.public.windowsxp.security_admin
| >>| >
| >>| >What is the restricted group that is visible in
| >regedt32
| >>| >hklm permissions. These are the default permissions !
| >>| >
| >>| >In a domain I can also add this group to NTFS file
| >>| >permission, but only from the domain, not from the
| >local
| >>| >machine.
| >>| >
| >>| >Is this in any way related to the restricted groups
| >that
| >>| >can be created in group policy ?
| >>| >
| >>| >Thanks
| >>| >Brian
| >>| >
| >>
| >>.
| >>
| >
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What is the best way to restrict access to Domain Admins on certainfolders? 3
grp policy RESTRICT saving to local disk 3
Group policy 1
Group Policy restrictions 1
Adding domain users as local XP administrators... 6
Suggested privileges for domain users ... 2
Nesting domain groups under local groups 7
Group Policy 12

Back
Top