To enforce membership of a local account on the computer, add the exact name of the local account on the computer you want to enforce membership. Don't add the domain account by browsing the domain.
This is a explicit tool and removes other existing memberships not specified in the restricted groups.
add all the members required. Domain admins will be removed if not specified.
Exception is the Local administrator group will be always a member.
Another method is using local user and groups group policy
No comments:
Post a Comment