Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: RE: [ActiveDir] Restricted Groups and Local Accounts
Prev Next
You are not authorized to post a reply.

AuthorMessages
bwatsonUser is Offline

Posts:25

09/24/2008 1:09 PM  
I believe the GP extensions capability for XP are part of a separate
update that you can download and apply to your machines.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e60b5c8f-d7dc-4
b27-a261-247ce3f6c4f8&displaylang=en

Does it not function on Service Pack 3 XP machines?

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan Bradley,
CPA
Sent: Friday, September 05, 2008 1:25 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Restricted Groups and Local Accounts

Afai understand, the GP extensions can't be applied to XP sp3 yet.

Roelf Zomerman wrote:
>
> You can try to add the users using the Group Policy Preferences..
> you'd need at least one 2008 or Vista client with group policy editor
> for this to work, but preferences are also applied to Windows XP/2003
> clients, asuming they have the latest updates (including group policy
> extensions)..
>
> _R
>
> *From:* ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] *On Behalf Of *WATSON, BEN
> *Sent:* Friday, September 05, 2008 10:20 PM
> *Subject:* [ActiveDir] Restricted Groups and Local Accounts
>
> Say I want to create a restricted groups policy that when applied to
> specific machines will always ensure that a local user account with a
> certain name will be added to the local administrators group.
>
> Is there a way to do this? When I create the policy and point the
> restricted groups policy to my own machine to grab the name of the
> local account, it works on my machine, but the policy will not add
> that local account to any other machines. Just to clarify, if the user

> account is created with the same name as specified in the policy, the
> restricted groups policy apparently does not recognize that local
> account and does not add it to the local administrators group.
>
> Is the policy actually using the local SID of the account and thus
> even though all the local accounts are named the same, the policy
> doesn't believe them to be the same and thus doesn't process it?
> That's the only thing I can think of for why this wouldn't work.
>
> Thanks,
>
> Ben
>
> _______________________________________
>
> Best way to annoy your co-workers? E-mail.
> <http://abcnews.go.com/print?id=5351908>
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > RE: [ActiveDir] Restricted Groups and Local Accounts



ActiveForums 3.7
AdventNet Banner
Friends

Friends

Namescape
Members

Members

MembershipMembership:
Latest New UserLatest:rwrabinowitz
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:4273
People OnlinePeople Online:
VisitorsVisitors:262
MembersMembers:0
TotalTotal:262
Online NowOnline Now:

Ads

Copyright 2008 ActiveDir.org
Terms Of Use