Microsoft KB Archive/279301

= Description of Group Policy Restricted Groups =

Article ID: 279301

Article Last Modified on 2/21/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition

-



This article was previously published under Q279301



SUMMARY
This article provides a description of Group Policy Restricted groups.



MORE INFORMATION
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
 * Members
 * Member Of

The &quot;Members&quot; list defines who should and should not belong to the restricted group. The &quot;Member Of&quot; list specifies which other groups the restricted group should belong to.

Using the &quot;Members&quot; Restricted Group Portion of Policy
When a Restricted Group policy is enforced, any current member of a restricted group that is not on the &quot;Members&quot; list is removed with the exception of administrator in the Administrators group. Any user on the &quot;Members&quot; list which is not currently a member of the restricted group is added.

Using the &quot;Member Of&quot; Restricted Group Portion of Policy
Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.

Keywords: kbinfo kbnetwork KB279301

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.