OK but what about the "Administrator" user. I want to add "Administrator" (aka Administrateur in French) to the Power Users, and Administrators groups on each machine. "Administrator" is a different SID on each PC.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, Scott Sent: Tuesday, May 17, 2005 11:18 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Restricted Groups GPO Download sid2user from http://www.ntbugtraq.com/default.aspx?pid=55&did=6 to find out the SID for any user. The administratorS group should be the same SID on all machines though. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, May 17, 2005 10:56 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Restricted Groups GPO Thanks. I think that will help. On that URL with the SIDs, it says "Administrator" is S-1-5-domain-500. What do you replace "domain" with? Or where do I find that "domain" replacment info from? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crawford, Scott Sent: Tuesday, May 17, 2005 10:16 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Restricted Groups GPO Instead of using the name administrators, use the well-known SID. S-1-5-32-544 for Administrators. There's a list of other SIDS that should be the same on all boxes, regardless of language, here. http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/e n-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-u s/prnc_sid_cids.asp -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Tuesday, May 17, 2005 6:30 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Restricted Groups GPO I have reports from our France and German locations that any Windows XP installs that aren't in the English language aren't getting our restricted groups GPO that ensures specific global groups are in the local administrators group on all desktops and servers. The problem appears to be that the GPO modifies the "Administrators" group, however in France, for example, it's called "Administrateurs". The GPO appears not to be smart enough to realize that's the same thing, so it's not modifying this French version (or German). Is there a workaround for this?? Thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
