GPO Issue - Restricted Groups won't take

[Nucleus111]

Server 2000 domain:
I created a restricted group called "local admin group" and added the domain admins group and another user to it. However, the computer used for the testing (windows xp sp1) won't take these settings. I've tried numerous reboots and policy refreshes using gpupdate /force, but nothing is working. Any ideas?

 

[KB]

Try using some of the GP reporting tools (RSOP and gpresult) to see if the group policy is taking effect. It is possible the GP is not targeting the right OU.

Maybe I am mistaken but I thought you had to define a restricted group only for the builtin groups (Administrators, Account Operators, Users etc.)
I don't think you can use it to create a group called "local admin group" and even if it could what good would it do unless that group was assigned admin prilivedges on the machine beforehand.

 

[Nucleus111]

What exactly is the correct format then?
Do I need to specify which group I want them to be added to? I thought restricted groups was only for the local administrator accounts. Any help on how to accomplish this is greatly appreciated!

 

[Nucleus111]

Anyone?

 

[Kilrsat]

I can't find the article right now, but there is one on the MSDN on how to use GPO and OUs to allow active directory users to be local administrators on all workstations without being domain admins.

The key is that all the workstations you want the users to be local admins on need to be members of the OU that has the particular GPO applied to it.

I'll see if I can dig up the article.

 

[Nucleus111]

I figured out how to use it correctly.
Thanks.