Just had a question come through about 'Restricted Groups'. One of the original extensions to GP, increadibly powerful and helpful to admins who need to have better control over local group memberships. There are some scenarios that 'Restricted Groups' don't easily cover. This is one area where the new GP Preference extension Local Users and Groups can help.
The intent of the Restricted Groups Functionality is to publish an official member list for the target group. This is a good goal but there are many situations where there is some reason for people to add individuals to a local group that need to be there and may not be in the published member list. In this case the Restricted Group functionality will overwrite the local settings. Not a bad thing, not a good thing, just how it works...
The Group Policy Preference Local Users and Groups extension works differnetly. With this new extension, among many other features, you can merge the new members right into the target group without disrupting the existing membership. Sinple interface, intuitive and very easy to work with.
Take some time to explore the many new extensions provided in GP Preferneces there are some absolute gold mines in there.
To be clear there are some usage scenarios to be aware of.
- GP tools need to be run from Windows Server 2008 -OR- Windows Vista SP1 with RSAT
- GP Preferences Client Side Extensions need to be deployed to all of the target systems
- Client Side Extensions are supported on Windows Vista RTM, Windows Vista SP1, Windows XP SP2, Windows Server 2003 SP1
- The Cleint side Extensions are present on Windows Server 2008
RSAT and the Client Side Extensions can be found on the download center, see other posts on this blog.
Go Forth and Manage