How to Use Restricted Groups in Windows 2000

ID: Q228496


The information in this article applies to:
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional


SUMMARY

In Microsoft Windows 2000, the Security Settings extension to the Group Policy Editor includes a node called Restricted Groups. An administrator may use the Restricted Groups node to control the following items:

  • User account membership in "restricted" groups.
  • Restricted group membership in other groups (reverse membership).

MORE INFORMATION

Restricted Group Processing

Administrators may configure restricted groups for a specific group policy object by adding the desired group directly to the restricted groups node of the group policy object namespace. Once groups are added, membership may be configured for each group by right-clicking the appropriate group, and then clicking Security.

The Security dialog box contains two list boxes, "Members of group name" and "group name is a member of", where group name is the appropriate group name. Membership is enforced as follows:

  1. Members of group name

    Membership Is Strictly Enforced:

    • For the restricted group, any user or group that is included in that restricted group's member list is added to the group.
    • Any user or group that is currently a member of the group, but is not listed in the restricted group's member list, is removed.

  2. group name Is a Member of

    Only inclusion is enforced in this case. The restricted group is not removed from other groups based on the items in this list. This section is not present in Windows 2000 Professional.
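
The following added example (not part of the original article and not Microsoft code) models the two enforcement rules above so that an administrator can preview what a policy refresh would change before configuring a restricted group. The function name, the CORP domain, and all group and account names are constructed for illustration.

```python
# Added illustration, not Microsoft code. All names are constructed samples.

def plan_enforcement(group, policy_members, policy_member_of, current):
    """Return the membership changes the rules above imply for `group`.

    `current` maps each group name to the set of its present members.
    Names are compared case-insensitively.
    """
    key = str.casefold
    have = {key(m): m for m in current.get(group, set())}
    want = {key(m): m for m in policy_members}

    # "Members of group name": strictly enforced, so listed accounts are
    # added and current members that are not listed are removed.
    add = sorted(want[k] for k in want.keys() - have.keys())
    remove = sorted(have[k] for k in have.keys() - want.keys())

    # "group name is a member of": inclusion only. The group joins each
    # listed parent and is never removed from an unlisted parent.
    parents = {g for g, members in current.items()
               if key(group) in map(key, members)}
    listed = {key(p) for p in policy_member_of}
    join = sorted(p for p in policy_member_of
                  if key(p) not in map(key, parents))
    keep = sorted(g for g in parents if key(g) not in listed)
    return {"add": add, "remove": remove, "join": join, "left_in_place": keep}


# Constructed sample state for a hypothetical CORP domain.
CURRENT = {
    "Help Desk": {"corp\\Alice", "CORP\\carol"},
    "Backup Operators": {"Help Desk"},
    "Power Users": {"CORP\\dave"},
}

if __name__ == "__main__":
    plan = plan_enforcement("Help Desk", ["CORP\\alice", "CORP\\bob"],
                            ["Power Users"], CURRENT)
    for action, names in plan.items():
        print(f"{action:14} {names}")
```

In the sample, the unlisted member CORP\carol is removed from Help Desk, while Help Desk stays in Backup Operators even though that group is not in its "is a member of" list.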


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved.