Posted win Windows 7 forum at http://tek-tips.com/viewthread.cfm?qid=1686855
but as this relates to a GPO from a W2K8R2 server to a Win7 computer it may be best suited in this forum.
I have a W2K8R2 domain and ~800 XPSP3 desktops. There are numerous GPOs, one of which uses the Computer Configuration/Policies/Windows Settings/Security Settings/Restricted Groups
setting to add an AD group to the BUILTIN\Administrators
local group. This works fine on XP but not W7.
After some Googling I found another way of doing it so I created a new GPO, put a W7 VM into a test OU and applied the GPO to it. This GPO uses the Computer Configuration/Preferences/Control Panel Settings/Local Users and Groups/Group[ (Name: Administrators (built-in))/Administrators (built-in)(Order:1)/Local Group
setting to do the same thing (Googling about it tells me this is a better way of doing it than Restraicted Groups) but this fails to apply to my W7 computer.
Group Policy Results wizard tells me the GPO was successfully applied. But if I edit the properties of the local Administrators group on the W7 machine it doesn't list the group that I added with the GPO.
Is there something different about W7 and how this GPO works?