Group Policy help
Posted by ADP Comm on January 28th, 2008


Hello,
I'm trying to set up a policy to grant access for a security group to have
domain admin level access only on a few specific servers. We are using OCS
and the chosen few to be administrators for it are not domain admins. I have
read and understand they will need domain admin rights for some aspects of
the software. I only want to enable the group to have admin rights on the OCS
servers. Where do I find the correct policy to accomplish this? Any and all
assistance would be appreciated.

Posted by Florian Frommherz [MVP] on January 28th, 2008


Howdie!

ADP Comm wrote:
Have a look at the "Restricted Groups" feature:

http://www.frickelsoft.net/blog/?p=13

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

Posted by ADP Comm on January 28th, 2008


Thank you for the reply, and it does explain things well, I think. I am still
trying to determine how to further restrict the group used in the new
policy, under 'Restricted Groups'.
This first part does accomplish part of my goal. It is the second half, how
to restrict them to specific machines, that I am trying to do.



Posted by BBW on January 28th, 2008


A sloppy answer, I think, is to create a sub OU, move the machines that you
don't want them to have access to and restrict that one Policy...?

Just a thought as I need to do this also on other issues.


"ADP Comm" <ADPComm@discussions.microsoft.com> wrote in message
news:EF0EBFC9-FA9B-4CD8-8A92-804F9DA7D3D9@microsoft.com...

Posted by ADP Comm on January 28th, 2008


It sounds like a nice idea; however, at this time, OUs aren't working as they
should on the network I'm supporting.

"BBW" wrote:


Posted by Florian Frommherz [MVP] on January 29th, 2008


Howdie!

ADP Comm wrote:
Just like BBW replied, you need to link that policy to the OU where the
specific machine accounts are in.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
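
The approach described in the replies above (a dedicated OU for the servers, with the Restricted Groups policy linked only there), as an added example that is not part of the original thread. It assumes the ActiveDirectory and GroupPolicy PowerShell modules are available; the domain, OU, GPO, group and server names are hypothetical placeholders.

```powershell
# Added example, not from the thread. All names below are hypothetical placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = 'DC=example,DC=com'                       # assumed domain
$ouName   = 'OCS Servers'                             # assumed OU for the OCS machines
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'OCS - Local Admins (Restricted Groups)'  # assumed GPO name
$servers  = 'OCS01', 'OCS02'                          # assumed computer account names

# 1. Create an OU that will contain only the servers the group may administer.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Move the computer accounts of those servers into the OU.
foreach ($name in $servers) {
    Get-ADComputer -Identity $name | Move-ADObject -TargetPath $ouDn
}

# 3. Create the GPO and link it to that OU only, never to the domain root,
#    so the group gains local admin rights on these machines and nowhere else.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName }
$linked = (Get-GPInheritance -Target $ouDn).GpoLinks.DisplayName
if ($linked -notcontains $gpoName) {
    New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null
}

# 4. The Restricted Groups setting itself is made in the GPO editor under
#    Computer Configuration > Windows Settings > Security Settings > Restricted Groups.
#    Using the "This group is a member of" form (group = EXAMPLE\OCS-Admins,
#    member of = Administrators) adds the group without wiping existing members.
#    In the GPO's GptTmpl.inf this is stored as:
#      [Group Membership]
#      *<SID of OCS-Admins>__Memberof = *S-1-5-32-544
#      *<SID of OCS-Admins>__Members =

# 5. Verify the scope: the report should list the OCS OU as the only link target.
[xml]$report = Get-GPOReport -Name $gpoName -ReportType Xml
$report.GPO.LinksTo | ForEach-Object { $_.SOMPath }
```

After the next policy refresh on the servers, the local Administrators group on each one should contain the security group; machines outside the OU are unaffected.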

Posted by Florian Frommherz [MVP] on January 29th, 2008


Howdie!

ADP Comm wrote:
What do you mean by "OUs aren't working as they should"?

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

