HOW TO: Use Restricted Groups in Windows 2000 (228496)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional
This article was previously published under Q228496
SUMMARY
In Microsoft Windows 2000, the Security Settings extension to the Group Policy Editor includes a node called Restricted Groups. An administrator may use the Restricted Groups node to control the following items:
- User account membership in "restricted" groups.
- Restricted group membership in other groups (reverse membership).
Restricted Group Processing
Administrators may configure restricted groups for a specific group policy object by adding the desired group directly to the restricted groups node of the group policy object namespace. Once groups are added, membership may be configured for each group by right-clicking the appropriate group, and then clicking Security.
In the Security dialog box there are two list boxes, "Members of group name" and "group name is a member of", where group name is the appropriate group name. Membership is enforced as follows:
- Members of group name
  Membership Is Strictly Enforced:
  - For the restricted group, any user or group that is included in that restricted group's member list is added to the group.
  - Any user or group that is currently a member of the group, but is not listed in the restricted group's member list is removed.
- group name Is a Member of
  Only inclusion is enforced in this case. The restricted group is not removed from other groups based on the items in this list. This section is not present in Windows 2000 Professional.
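The two enforcement rules above can be modelled to preview what a policy refresh would change before the policy is linked. This is an added example, not code from the article or from Microsoft; it assumes the security-template style `[Group Membership]` section with `__Members` and `__Memberof` keys (a layout not shown on this page), and every group and account name in it is a constructed sample.

```python
# Added example: models the enforcement rules described above.
# Assumption: the "[Group Membership]" layout with "__Members" / "__Memberof"
# keys (security template style). All names below are constructed samples.

SAMPLE_TEMPLATE = """\
[Group Membership]
Administrators__Members = CORP\\Domain Admins,Administrator
HelpDesk__Memberof = Remote Support
"""

def parse_group_membership(text):
    """Return {group: {"members": [...] or None, "memberof": [...] or None}}."""
    policy, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        group, sep, kind = key.strip().rpartition("__")
        if not sep or kind.lower() not in ("members", "memberof"):
            continue
        names = [n.strip() for n in value.split(",") if n.strip()]
        policy.setdefault(group, {"members": None, "memberof": None})[kind.lower()] = names
    return policy

def enforce_members(current, listed):
    """Strict: listed accounts are added, unlisted accounts are removed."""
    cur = {n.casefold(): n for n in current}    # account names compare case-insensitively
    want = {n.casefold(): n for n in listed}
    added = sorted(want[k] for k in want.keys() - cur.keys())
    removed = sorted(cur[k] for k in cur.keys() - want.keys())
    return added, removed, sorted(want.values())

def enforce_member_of(current_parents, listed_parents):
    """Inclusion only: missing parent groups are added, nothing is removed."""
    cur = {n.casefold(): n for n in current_parents}
    added = sorted(p for p in listed_parents if p.casefold() not in cur)
    return added, [], sorted(list(cur.values()) + added)

if __name__ == "__main__":
    policy = parse_group_membership(SAMPLE_TEMPLATE)
    # Constructed current state: one unlisted account has crept into Administrators.
    print(enforce_members(["Administrator", "CORP\\tempadmin"], policy["Administrators"]["members"]))
    print(enforce_member_of(["Print Operators"], policy["HelpDesk"]["memberof"]))
```

Run against an export of current group membership, the `removed` list shows which accounts a strictly enforced member list would drop, including any default members left off the list.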
Modification Type: Major | Last Reviewed: 2/23/2004
Keywords: kbhowto kbHOWTOmaster kbnetwork KB228496 kbAudITPro