A pretty nifty concept that was introduced with Windows 2000, Restricted Groups allows
an administrator to set a domain policy that restricts the membership of a given group.
For example, if an unauthorized user adds himself to the local Administrators group on
a domain member, upon the next Group Policy refresh, that account will be removed so
that membership reflects that which is defined by the Restricted Groups policy. These
settings are refreshed every 90 minutes on a member computer, every 5 minutes on a
domain controller, and every 16 hours whether or not changes have occurred.
Subscribe to:
Post Comments (Atom)
0 comments
Post a Comment