Description of Group Policy Restricted Groups (279301)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
This article was previously published under Q279301

SUMMARY

This article provides a description of Group Policy Restricted groups.

MORE INFORMATION

Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
  • Members
  • Member Of
The "Members" list defines who should and should not belong to the restricted group. The "Member Of" list specifies which other groups the restricted group should belong to.

Using the "Members" Restricted Group Portion of Policy

When a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added.

Using the "Member Of" Restricted Group Portion of Policy

Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.
Modification Type:MajorLast Reviewed:4/21/2005
Keywords:kbinfo kbnetwork KB279301
©2004 Microsoft Corporation. All rights reserved.