locked
will disabling restricted groups remove permissions.. urgent plz RRS feed

  • Question

  • I just added in a user to the local admins on a new restricted group. Turns out i made a type and put it on the wrong gpo and it hit half the machines in the enterprise.

    I just disabled the gpo. Will all of the local admins on all the servers be blank? Or will they revert to what they were before i enabled the policy?
    Tuesday, July 8, 2008 8:06 PM

Answers

  •  

    Hi,

     

    If you disable the GPO, the corresponding settings for restricted groups will be reverted to the original state. After doing so, if you want to take it affect immediately, please run 'gpupdate /force' on every client to flush GP.

     

    More information:

    ============

     

    When you disable GPO, CSE(client side extension) will detect this change and invoke the related functions to reflect  this change. Also, you can check security CSE properties that control each CSE behavior under:

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\827D319E-6EAC-11D2-A4EA-00C04F79F83A

     

    It shows security related policies process during background, slow link, computer startup.  

     

    Hope this helps.

     

    Best wishes

    --------------
    Morgan Che

    Wednesday, July 9, 2008 7:54 AM

All replies

  •  

    Hi,

     

    If you disable the GPO, the corresponding settings for restricted groups will be reverted to the original state. After doing so, if you want to take it affect immediately, please run 'gpupdate /force' on every client to flush GP.

     

    More information:

    ============

     

    When you disable GPO, CSE(client side extension) will detect this change and invoke the related functions to reflect  this change. Also, you can check security CSE properties that control each CSE behavior under:

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\827D319E-6EAC-11D2-A4EA-00C04F79F83A

     

    It shows security related policies process during background, slow link, computer startup.  

     

    Hope this helps.

     

    Best wishes

    --------------
    Morgan Che

    Wednesday, July 9, 2008 7:54 AM
  • thank you microsoft for having that security feature built in.. whewwwwww. I probably woulda gotten fired for this.

    Yea about 2 hours after we found out about it, we noticed that the accounts started to change back. We were puzzled because we thought that somebody else in the enterprise was working on it and fixing it,, but no it was fixing itself


    thanks for the reply
    Wednesday, July 9, 2008 12:22 PM