Restricted groups

G

Guest

Hi,
I have added the domain user to local administrator group
of all the PCs coming under one OU with the help of
restricted groups. but now I have moved that PC from that
OU. But still that user is in the administrator group of
those PCs. Why still that user is having admin previleges
even though that user is no more in that OU. Please any of
you could address this issue?.
Regards,
Srinivas Acharya
 
D

David Pharr [MSFT]

Sounds like you used restricted groups to ensure that particular domain
user account was a member of the local administrators group. Removing the
computer from the OU is not going to cause the user account to be removed -
you will have to remove it manually.

Restricted groups enforce membership - you can set it so that only certain
users are members of a particular group or so that a particular group is
added as a member of other groups. It doesn't "undo" the addition of the
user account to the group if you remove the computer from the OU where the
policy enforcing this setting is applied.

228496 HOW TO: Use Restricted Groups in Windows 2000
http://support.microsoft.com/?id=228496

279301 Description of Group Policy Restricted Groups
http://support.microsoft.com/?id=279301

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: <[email protected]>
| Sender: <[email protected]>
| Subject: Restricted groups
| Date: Wed, 21 Jul 2004 22:32:57 -0700
| Lines: 10
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcRvrVhceGOYbtjyRhynQ2PzCxhUIQ==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:82155
| NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hi,
| I have added the domain user to local administrator group
| of all the PCs coming under one OU with the help of
| restricted groups. but now I have moved that PC from that
| OU. But still that user is in the administrator group of
| those PCs. Why still that user is having admin previleges
| even though that user is no more in that OU. Please any of
| you could address this issue?.
| Regards,
| Srinivas Acharya
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Restricted Groups 2
Regarding OU 9
Administering OUs 5
Planning for OU 2
Problem with restricted groups 3
problem with restricted users 1
Restricted Groups 3
Restricted Group 1

Top