
close
close
Following the first two entries in my managing Active Directory Local Groups article series, we’re ready for our next installment. In this article, I’ll talk about another feature of Group Policy called “Local Users and Groups” that is part of the relatively new section of GPO called Group Policy Preferences (GPP). Local group GPP settings allows you to centrally create, delete, and rename local groups. You can also use these settings items to change local group memberships.
Managing Local Active Directory Groups Article Series
The nice thing about this feature in comparison to the old Restricted Groups feature in GPO is that it lets you add users and groups as members, while ensuring the current group membership is not modified. In turn, this gives you higher flexibility in group membership management.
Although this feature is relatively new, it wasn’t included in the original release of Group Policy as part of Windows Server 2000, but was later added in Windows Vista and was back ported to Windows XP after installing a special client-side add-on (Download Group Policy Preference Client Side Extensions for Windows XP). However, starting from Windows Vista and Windows Server 2008 R2, it just works out of the box.
advertisment
Like in the previous Restricted Groups feature of GPO, you need to create or edit a GPO that’s linked to the OU, which contains the computer objects that you want to be affected by the GPO.
Note: In GPP, you can use item-level targeting to change the scope of preference items, but that’s a topic for a different article.
1. In that GPO, browse and expand “Computer Configuration” > “Preferences” > “Control Panel Settings”. Click on “Local Users and Groups”.
2. Right-click on “Local Users and Groups” and select “New Local Group”.
Local Users and Groups in the Group Policy Management Editor. (Image Credit: Daniel Petri)
It should be noted that these four actions are also known as create, read, update, delete (CRUD) actions.
4. In this case, we will select “Update”.
Selecting the update action in the New Local Group Properties dialog box. (Image Credit: Daniel Petri)
List of built-in group names in the New Local Group Properties dialog box. (Image Credit: Daniel Petri)
Adding a user to the local group. (Image Credit: Daniel Petri)
Choosing to use the update action for the local group. (Image Credit: Daniel Petri)
testuser2 is in our local group. (Image Credit: Daniel Petri)
Performing a GPO refresh in the command prompt. (Image Credit: Daniel Petri)
Our resulting local group properties. (Image Credit: Daniel Petri)
More from Daniel Petri
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Active Directory
Microsoft Rolls Out Azure AD Verifiable Credentials Service to More Customers
May 11, 2022 | Rabia Noureen
Best Practices for Installing Active Directory Domain Controllers in a Virtual Machine
Apr 15, 2022 | Michael Taschler
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group