RE: [ActiveDir] Question on "restricted group" policy.

[WATSON, BEN]

When I wanted to do this with my domain workstations, I simply used a group policy object to deploy a startup script that added the proper security groups to the local administrators group.  If I wanted to then remove these groups, I would simply edit the script and switch the /add to a /delete.   net localgroup administrators "DOMAIN\SECURITY GROUP" /add   to   net localgroup administrators "DOMAIN\SECURITY GROUP" /delete   Others may have an alternative solution, but that is what would work in my environment.   ~Ben   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky Sent: Wednesday, July 26, 2006 4:08 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Question on "restricted group" policy.   Hey,      Created a restricted group policy for my domain that's adds some groups to the local administrators group of the workstations. My question is now management wants me to delete it. If I understand the way this works is that if I delete it then it will delete the groups that were associated with this policy thus leaving nobody in the local admin group. Am I correct...   v/r john