Restricted Groups Members GPO linked in Child OU is not working against Restricted Groups Members Of from Parent OU
scenario:
parent ou linked restricted groups memberof parent gpo
child ou linked restricted groups members child gpo
domain>parent ou>child ou
restricted groups memberof parent gpo has group 1, group 2, group 3, , group 4 memberof builtin\administrators.
restricted groups members child gpo has builtin\administrators members group 1 , group 2.
in theory, computer accounts in child ou should have group 1 , group 2 in builtin\administrators group on member server, not case group 3 , group 4 still being added. restricted groups members should wipe out other groups , add specified, not doing that. @ first thought restricted groups members child gpo not applying, ran gpupdate /force , checked computer settings see if policy applied running gpresult /r . if go restricted groups members child gpo , add group 5, shows expected, restricted groups members child gpo applying, reason restricted groups memberof parent gpo still finding way in. there patch needs applied or restricted groups not support type of function? time in looking this.
hi robert,
in theory, computer accounts in child ou should have group 1 , group 2 in builtin\administrators group on member server,
>>>yes, computers member of child ou should have group 1 , group 2.
i have tested this. , ok.
here steps:
- create computer ou(parent), , add computers ou
- right-click parent ou create child ou, , add related computers child ou
- then create gpos link parent , child ou
- configure group policy said
- run gpupdate /force
for problem, suggest try check if check if enforce gpo, link parent ou.
and suggest try run gpresult /h gpreport.html administrator on computers member of child ou. check if winning gpo gpo linked child ou.
gpresult /r check applied gpo. running gpresult /h gprepory.html check detailed information.
best regards,
jay
please remember mark replies answers if help.
if have feedback technet subscriber support, contact tnmff@microsoft.com.
Windows Server > Group Policy
Comments
Post a Comment