Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Local Machine Access via Group Policy

256 views
Skip to first unread message

Brad Tucker

unread,
Aug 15, 2003, 7:55:11 AM8/15/03
to
I have many client machines, mostly W2K Pro, that need to
be logged into locally in order to apply a virus cleanup
and fix. The users performing this cleanup are not
Domain Admins, and, only Domain Admins have the rights to
log on locally and install software. Is there a way to
delegate this via group policy, or is there a way to add
the cleanup users to the client machines Local Admin
group? Any help would be appreciated.

Tim Hines [MSFT]

unread,
Aug 15, 2003, 9:44:52 AM8/15/03
to
You can add users or groups to the local administrators group by using a
group policy. The following setting will do the trick

Restricted Groups
Computer Configuration\Windows Settings\Security Settings\Restricted Groups

Description
Restricted groups allow an administrator to define two properties for
security-sensitive groups (that is, "restricted" groups).

The two properties are Members and Member Of. The Members list defines who
should and should not belong to the restricted group. The Member Of list
specifies which other groups the restricted group should belong to.

When a restricted Group Policy is enforced, any current member of a
restricted group that is not on the Members list is removed. Any user on the
Members list which is not currently a member of the restricted group is
added.

Note

The Restricted Groups folder is available only in Group Policy objects
associated with domains, OUs, and sites. The Restricted Groups folder does
not appear in the Local Computer Policy object.

If a Restricted Group is defined such that it has no members (that is, the
Members list is empty), then all members of the group are removed when the
policy is enforced on the system. If the Member Of list is empty no changes
are made to any groups that the restricted group belongs to. In short, an
empty Members list means the restricted group should have no members while
an empty Member Of list means "don't care" what groups the restricted group
belongs to.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"Brad Tucker" <brad....@lendlease.com> wrote in message
news:0ae601c36324$14ff8b50$a301...@phx.gbl...

0 new messages