Description of Group Policy Restricted Groups

This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.

Summary

This article provides a description of Group Policy Restricted groups.

More Information

Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
  • Members
  • Member Of
The "Members" list defines who should and should not belong to the restricted group. The "Member Of" list specifies which other groups the restricted group should belong to.

Using the "Members" Restricted Group Portion of Policy

When a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added.

Using the "Member Of" Restricted Group Portion of Policy

Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.

Managing membership of Domain Groups by using Restricted Groups

Microsoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups.
Propriétés

ID d'article : 279301 - Dernière mise à jour : 16 déc. 2009 - Révision : 1

Commentaires