ACL Local Groups

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I wanted to ristrict the local groups creation with minimum rights, which rights are at minimal needed for creating local groups.

thanx,

arjan

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I believe only administrators can create local groups on a computer. A power user can
create and manage users it creates. --- Steve

"arjan" <arjan@discussions.microsoft.com> wrote in message
news:BBAE380B-3ADA-4E08-B184-2E2AA59C4C50@microsoft.com...
> I wanted to ristrict the local groups creation with minimum rights, which rights
are at minimal needed for creating local groups.
>
> thanx,
>
> arjan

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

> I believe only administrators can create local groups on a computer. A power >user can create and manage users it creates.

So i can't create a global AD group which can create local groups, only if the are members of the local administrators group ?

arjan

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Global groups are created on domain controllers only and can be added to local groups
on domain members. So if I understand your question, then yes you must be a local
administrator to add domain global groups to a local group on that domain member or
it can be done with a startup script using Group Policy which runs in system context.
By default the domain admins are in the local administrators group on domain
embers. --- Steve


"arjan" <arjan@discussions.microsoft.com> wrote in message
news:59EAC601-CF9C-4866-A80E-9A03A8ECBD5C@microsoft.com...
> > I believe only administrators can create local groups on a computer. A power
>user can create and manage users it creates.
>
> So i can't create a global AD group which can create local groups, only if the are
members of the local administrators group ?
>
> arjan
>