
close
close
Chance to win $250 in Petri 2023 Audience Survey
Following the first two entries in my managing Active Directory Local Groups article series, we’re ready for our next installment. In this article, I’ll talk about another feature of Group Policy called “Local Users and Groups” that is part of the relatively new section of GPO called Group Policy Preferences (GPP). Local group GPP settings allows you to centrally create, delete, and rename local groups. You can also use these settings items to change local group memberships.
Managing Local Active Directory Groups Article Series
The nice thing about this feature in comparison to the old Restricted Groups feature in GPO is that it lets you add users and groups as members, while ensuring the current group membership is not modified. In turn, this gives you higher flexibility in group membership management.
Although this feature is relatively new, it wasn’t included in the original release of Group Policy as part of Windows Server 2000, but was later added in Windows Vista and was back ported to Windows XP after installing a special client-side add-on (Download Group Policy Preference Client Side Extensions for Windows XP). However, starting from Windows Vista and Windows Server 2008 R2, it just works out of the box.
Like in the previous Restricted Groups feature of GPO, you need to create or edit a GPO that’s linked to the OU, which contains the computer objects that you want to be affected by the GPO.
Note: In GPP, you can use item-level targeting to change the scope of preference items, but that’s a topic for a different article.
1. In that GPO, browse and expand “Computer Configuration” > “Preferences” > “Control Panel Settings”. Click on “Local Users and Groups”.
2. Right-click on “Local Users and Groups” and select “New Local Group”.
Local Users and Groups in the Group Policy Management Editor. (Image Credit: Daniel Petri)
It should be noted that these four actions are also known as create, read, update, delete (CRUD) actions.
4. In this case, we will select “Update”.
Selecting the update action in the New Local Group Properties dialog box. (Image Credit: Daniel Petri)
List of built-in group names in the New Local Group Properties dialog box. (Image Credit: Daniel Petri)
Adding a user to the local group. (Image Credit: Daniel Petri)
Choosing to use the update action for the local group. (Image Credit: Daniel Petri)
testuser2 is in our local group. (Image Credit: Daniel Petri)
Performing a GPO refresh in the command prompt. (Image Credit: Daniel Petri)
Our resulting local group properties. (Image Credit: Daniel Petri)
More in Active Directory
Microsoft Releases Update to Streamline Exchange Online License Assignments
Jan 24, 2023 | Rabia Noureen
How to Export Active Directory Users to CSV With PowerShell and ADUC
Jan 23, 2023 | Michael Reinders
ManageEngine ADSelfService Plus: Protect On-Premises and Cloud Services from Password Attacks with Multi-factor Authentication
Jan 12, 2023 | Michael Reinders
Microsoft 365 to Launch New $1.99/Month Basic Subscription with 100 GB of OneDrive Storage
Jan 11, 2023 | Rabia Noureen
Most popular on petri