Microsoft KB Archive/228496

= HOW TO: Use Restricted Groups in Windows 2000 =

Article ID: 228496

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q228496





IN THIS TASK
SUMMARY
 * Restricted Group Processing



SUMMARY
In Microsoft Windows 2000, the Security Settings extension to the Group Policy Editor includes a node called Restricted Groups. An administrator may use the Restricted Groups node to control the following items:
 * User account membership in "restricted" groups.
 * Restricted group membership in other groups (reverse membership).

back to the top

Restricted Group Processing
Administrators may configure restricted groups for a specific group policy object by adding the desired group directly to the restricted groups node of the group policy object namespace. Once groups are added, membership may be configured for each group by right-clicking the appropriate group, and then clicking Security.

In the Security dialog box there are 2 list boxes, "Members of group name" and "group name is a member of", where group name is the appropriate group name. Membership is enforced as:
 * 1) Members of group name

Membership Is Strictly Enforced:


 * 1) * For the restricted group, any user or group that is included in that restricted group's member list is added to the group.
 * 2) * Any user or group that is currently a member of the group, but is not listed in the restricted group's member list is removed.
 * 3) group name Is a Member of

Only inclusion is enforced in this case. The restricted group is not removed from other groups based on the items in this list. This section is not present in Windows 2000 Professional.

back to the top

Additional query words: 2000 gpo

Keywords: kbhowto kbhowtomaster kbnetwork KB228496

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.