Hello Folks! @Guido here.
This is my very first blog and I'd like to share with you how we can add or remove members from FSLogix local groups using a GPO.
There are often users, such as local administrators, that have profiles that should remain local. During installation, four user groups are created to manage users who's profiles are included and excluded from Profile Container and Office Container redirection.
FSLogix include or Exclude groups allow us to add or exclude members from FSLogix service so the users can get the default local profile instead using a FSLogix container.
Adding or removing member of a Local Groups is extremely easy on a few machines but what happens if you have deployed hundred or thousands of machines? Here where Restricted Groups comes into play.
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
Using the "Members" Restricted Group Portion of Policy
When a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added.
Using the "Member Of" Restricted Group Portion of Policy
Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.
Then add the members in Members of this group
Note: Adding members in Members of this Group option will be deleting other local members if they already exist. If you want to keep the existing members, just add the members under This group is member of option
You can validate it from client machine local group side.
Hope you find this useful and informative.
Keep in touch.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.