To Create a Restricted Groups policy in a security template

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a Restricted Groups policy in a security template

  1. Open Security Templates.

  2. In the console tree, click Restricted Groups.

    Where?

    • Security Templates/Template path folder/Security template/Restricted Groups
  3. In the console tree, right-click Restricted Groups, and then click Add Group.

  4. In Group, type the name of the new or existing group for which you would like restricted policy and click OK.

  5. To add members to the group, do one of the following:

    • If you created a new group, click Add Members.

    • If you are working with an existing group, in the details pane, right-click the group you added, click Properties, and then click Add Members.

  6. In NewGroupProperties, click Add Members, and then type the member you would like to add. Repeat this step for each member you would like to add.

  7. To add this group as a member of any other groups, in NewGroupProperties, click Add Groups, type the name of the group, and click OK. Repeat this step for each group you want to add.

Important

  • If Restricted Groups policy is defined for the Administrators group, when the template is imported to a Group Policy object or applied to your local computer, then all members not defined in the policy will be removed from the Administrators group.

Notes

  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

  • To open Security Templates, click Start, and click Run, then type mmc and click OK. On the File menu, click Open, click the console that you want to open, then click Open. Then, in the console tree, click Security Templates.

  • Restricted Groups policy states that only the members that you have added can belong to that group. When the security template is used to configure your local computer, during the configuration, only members specified in Restricted Groups policy will remain members. Similarly, at the time of configuration, if the member does not belong to the group, they will be added to the group.

  • If there are no users in a defined restricted group, then all current members of that group are removed when you apply or import the template.

  • To copy all of the restricted group entries from one template to another, in the console tree, right-click Restricted Groups, click Copy, right-click Restricted Groups in the other template, and then click Paste.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Restricted Groups
Add Security Templates to an MMC console
Apply a security template to local policy
Import a security template to a Group Policy object
Security Templates