Computer Performance, Windows Server 2003

Guy recommends :
Free SolarWinds
VM Console

Solarwinds VM Console Free Download

Find out which of your VMs are a waste of space and which VMs need more resources.
Custom Search
Hire Employee Provisioning

Guy's Review of
Computer Utilities

 1) FreePing
 2) Engineer's Toolset
 3) Xobni
 4) PuTTY
 5) WMI Monitor
 6) BgInfo
 7) Net-SNMP
 8) IP Address Tracker
 9) DNS Stuff
10) WinDiff Compare

Security Settings  - Restricted Groups

Security Settings - Restricted Groups

One scenario where you may want to configure a policy for Restricted Groups is for member servers. What could happen is that a local administrator removes the Domain Administrators from the local administrators group.  This action would make it difficult for you to administer that server.  By enforcing Restricted Groups, you could ensure that Domain Admins were always a member of the local administrators global group.

Security Settings

     Account Policies

     Local Policies

     Event Log

     Restricted Groups

  ‡

Understanding Members and MemberOf

From a technical point of view this is a curious policy.  To start with there is no policy - you have to create one.  Fortunately, creating a Restricted Group policy is easy.  However configuring can be confusing as there are two similar properties, Members and Member Of.

The plain 'Members' list defines who belongs to the restricted group. Whilst the 'MemberOf' list, specifies which other groups the restricted group itself, belongs to.

When you enforce a Restricted Groups policy, any current member that is not on the Members list is removed.  Equally, any user on the Members list who is not currently a member of the restricted group is added to that group.

The 'Reverse membership' configuration ensures that each Restricted Group is a member of only those groups that are specified in the Member Of column.

Free Monitor for Your Network: SolarWinds Real-time Traffic AnalyzerSolarwinds Real-time Traffic Analyzer

The main reason for monitoring your network is to check at a glance which servers are available.  If there is a network problem you want an interface to show the scope of the problem immediately.

Even when all servers and routers are available, sooner or later you will be curious to know who, or what, is hogging the precious network's bandwidth.  A GUI showing the top 10 users always makes interesting reading.

Another reason to monitor network traffic is to learn more about your server's response times and the consumption of resources.  To take the pain out of capturing frames and analysing the raw data, Guy recommends that you download a copy of the SolarWinds free Real-time NetFlow Analyzer.

Implementing Restricted Group Policy.Group Policy Restricted Groups

As ever, when you are not sure what to do, right-click.  So from the Restricted Group folder, right-click, Properties, Add Group.  Next make your selection for the Members and Members Of boxes.

Now that you understand how restricted groups work, you come to the strategic decision about how to implement them.  The philosophy here is that you do not want anyone to sneak in extra members of key groups such as administrators.  You can extend the principle to politically sensitive groups that you created, for example Mangers, Bosses, or Downsizing Committee.

Who needs this policy?  Companies that are so big that you have lots of administrators and you want to control membership of key groups.


 Group Policy ebook Windows 2003 Download my 'Master Group Policies' ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies.  Printer friendly version over Word A4 pages in Word.

See more security Group Policies

Group Policies   • Troubleshooting Group Policies   • Security Options

Group Policy Overview  • Group Policy Tactics  • Security Restricted Groups 

Security System Services   • Security Audit   • Security Event Log

If you like this page then please share it with your friends

 

 *

Custom Search

Site Home

Guy Recommends:
Orion's NPM - Network Performance MonitorReview of Orion NPM

Orion's performance monitor is designed for detecting network outages.  NPM makes it easy to see what's working, and what needs your attention.

This utility guides you through creating network maps.  It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.

Download a free trial of Network Performance Monitor

Author: Guy Thomas Copyright © 1999-2012 Computer Performance LTD All rights reserved.

Please report a broken link, or an error to: