Restricted Groups

Computer Configuration\Windows Settings\Security Settings\Restricted Groups

Description

Allows an administrator to define two properties for security-sensitive groups ("restricted" groups).

The two properties are "Members" and "Member Of." The Members list defines who belongs and who does not belong to the restricted group. The Member Of list specifies which other groups the restricted group belongs to.

When a restricted Group Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added.

The Restricted Groups folder is available only in Group Policy objects associated with domains, organizational units, and sites. The Restricted Groups folder does not appear in the Local Computer Policy object.

If a restricted group is defined so that it has no members (i.e., the Members list is empty), all members of the group are removed when the policy is enforced on the system. If the Member Of list is empty, no changes are made to any groups to which the restricted group belongs.

Default: None specified.

 

Note

An empty Members list means that the restricted group has no members; an empty Member Of list means that the groups to which the restricted group belongs are not specified.

For more information, see:

Security Configuration Manager Tools


Top of pageTop of page