Article ID: 279301 - View products that this article applies to.
This article was previously published under Q279301
NoticeThis article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center
(http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fwin2000)is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy
This article provides a description of Group Policy Restricted groups.
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
Using the "Members" Restricted Group Portion of PolicyWhen a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added.
Using the "Member Of" Restricted Group Portion of PolicyOnly inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.
Managing membership of Domain Groups by using Restricted GroupsMicrosoft does not support using Restricted Groups in this scenario. Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups. Domain objects have to be managed within traditional AD tools. Therefore, we do not plan currently to add or support using Restricted Groups as a way to manage Domain Groups.
Article ID: 279301 - Last Review: May 15, 2009 - Revision: 7.2