This article provides a description of Group Policy Restricted groups.
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
- Member Of
Using the "Members" Restricted Group Portion of PolicyWhen a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added.
Using the "Member Of" Restricted Group Portion of PolicyOnly inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.
Managing membership of Domain Groups by using Restricted GroupsMicrosoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups.
Article ID: 279301 - Last Review: Dec 16, 2009 - Revision: 1