We have a process where I work, where any changes to active directory GPOs are performed on test servers, backed up and then the backups applied to the live AD.
I'm in the process of amending a GPO where I want to specifically add in a user rights assignment for a user account that'll exist locally on the member servers that the GPO will apply to.
I've tried adding the word BUILTIN to the front of that user, I've tried using migtables, I've tried creating the user on the domain (but that ends up as trying to apply the user rights to the domain user of that name if he exists..).
Not sure what to do, Googling comes up with a lot of results that don't tend to lead anywhere for this scenario (local, user, group, policy all very common terms together).
Any suggested way of doing this?
Best Answer
Perhaps, you can try the following:
Description of Group Policy Restricted Groups
This is mentioned in the article if you follow the link:
Restricted Groups is a client configuration means and cannot be used with Domain Groups. Restricted Groups is designed specifically to work with Local Groups.