Good afternoon all!
Please go easy as this is my first post...
I'm trying to set up Restricted Groups using "Member of" which will remove everyone out of the admin group and add the groups I define... (as I'm sure you all know). The GPO applies like it should so now I am trying to set it so that it will not apply to a Group, ex. "Local Admins", containing computer accounts.
My main question is how would I set it so that the GPO will apply to all users/computers and deny group policy to the computers in the "Local Admin" group?
I currently have Authenticated users in the Security Filtering of the GPO, and set the Local Admin group to deny read and apply policy, yet members of the group are still applying the policy. Does "Deny" override Authenticated Users? It doesn't appear so...
...Suggestions maybe for using another group for all computers? Or how to get it to deny to this Local Admin computer group?
Thanks!!!! :)