8.5. Restricted Groups

With a special security-related Group Policy function, you can use Restricted Groups to strictly control the following tasks:

  • The membership of security groups that you create in Active Directory

  • The security group membership on groups created on member machines (workstations or servers)

  • The security groups that are nested within each other

You might want to strictly control these security groups or nestings to make sure that users in other areas of Active Directory, say, other domain administrators, don't inadvertently add someone to a group that shouldn't be there. Here are some practical uses of this technology:

  • Ensure that the domain's Backup Operators group contains only Sally and Joe.

  • Ensure that the local Administrators ...

Get Group Policy: Fundamentals, Security, and Troubleshooting now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.