nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

2008 Group Policy Question

billybob01

I am looking for a way to add a security group to all workstations on our domain, so that i can add a selection of users to install sotware.

Any ideas?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Mishra

Sounds like you want to implement Restricted Groups. Be careful with RGs as they REPLACE the users/groups on all workstations. So you would have to manage a constant list.

qcomer

Mishra wrote: »

Sounds like you want to implement Restricted Groups. Be careful with RGs as they REPLACE the users/groups on all workstations. So you would have to manage a constant list.

Or you can use restricted groups on the group level:

Create a new group, add your users to it. Use Restricted Groups to add this to the local admin group. There is an option in restricted groups to do it this way so it doesnt not replace any other accounts in the current local admins group, it just adds the group you selected.

This is how Ive added the sccm admin accounts and stuff to our local admins without replacing current local admins.

blargoe

Yes, this. This is how we enforce our tech support group remain in local admins, even if someone tries to be cute and remove them.

You can use restricted groups to dictate the membership of a group, or you can use them to give a list of groups that an account (user or group) should always be a member of. We're using RG's both to lock down the elevated Built-in groups in our domain, and to enforce the policy that tech support is always in local admins for our desktops.

qcomer wrote: »

Or you can use restricted groups on the group level:

Create a new group, add your users to it. Use Restricted Groups to add this to the local admin group. There is an option in restricted groups to do it this way so it doesnt not replace any other accounts in the current local admins group, it just adds the group you selected.

This is how Ive added the sccm admin accounts and stuff to our local admins without replacing current local admins.

billybob01

Cool, thanks guys, tried the RG option and it works a treat. Thanks again.