Q

How can I use Group Policy to enforce and append security groups to the local administrators group?

Expert Jeremy Moskowitz explains why the Restricted Groups feature in Group Policy is not ideal for every situation.

This Content Component encountered an error
I would like to use Group Policy to enforce and append security groups to the local administrators group. Using logon/logoff scripts through GPO is only effective if the user has local administrative access. This solution does not work for our situation. Using GPO settings to add groups to the local administrative group is a re-write of the local group and I need this to append and not over-right.

What you're describing is called Restricted Groups, and, you got it -- it's seemingly not possible to make Restricted Groups' most useful feature be "additive" (or, more accurately, "augmentative.") That is, most people want to use it to add _additional_ members to an existing group. But that's not how the "Members of this group" function works. Rather, it "rip and replaces" existing members. So, it's not ideal in every situation.

This was first published in April 2006

Dig deeper on Microsoft Group Policy Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close