1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Group Policy - Managing Restricted Groups

Discussion in 'Servers and Enterprise Solutions' started by Phal, 19 Sep 2009.

  1. Phal

    Mobster

    Joined: 19 Jul 2004

    Posts: 4,089

    Location: Shoreham by Sea

    Just been doing some testing on using restricted groups to control the membership of local security groups.

    Ive been using a couple of VM machines running Win XP and this is joined to a domain running a Server 2003 DC.

    It seems to work fine although it doesnt seem to refresh very often. Initially I did a gpupdate /force and this cleared any extra membership of the local admin account like it was supposed to but as a test I added another account in there manually. This account wasnt removed when I logged out and back in and wasnt even removed when I did a reboot. It was only removed when I did another gpupdate /force :(

    I know these updates are periodic and it would have probably updated by itself eventually and cleared out this extra group but is there any way to control how often it refreshes a policy like this?
     
  2. Saundie

    Mobster

    Joined: 9 Oct 2008

    Posts: 2,994

    Location: London, England

    It's been a while since I've had to deal with this, but if my memory serves me correctly, the default refresh interval is 90 minutes. It is possible to change the interval, however; check out this article for more information.
     
  3. Phal

    Mobster

    Joined: 19 Jul 2004

    Posts: 4,089

    Location: Shoreham by Sea

    Ta :)
     
  4. BlueMhz

    Gangster

    Joined: 4 Jan 2003

    Posts: 158

    Location: London