Restrict AD security group additons

Hello, I have been looking around for the best way to lock down an AD security group so that help desk users for instance, cannot add users to a specific AD group. So if I had a group called "secure_...

Active Directory

groups

security

Harm_Veenstra
Feb 24, 2022
charlie4872 You could just block the group Full Control on the AD security group, chosse Deny for Full Control first and then choose Allow Read. The Helpdesk can see it, but not modify it. You can add other groups too of course and grant them Full Control on the gorup.

Harm_Veenstra

MVP

Feb 24, 2022

charlie4872 You could just block the group Full Control on the AD security group, chosse Deny for Full Control first and then choose Allow Read. The Helpdesk can see it, but not modify it. You can add other groups too of course and grant them Full Control on the gorup.

charlie4872
Brass Contributor
Mar 01, 2022
That works. Thanks Harm_Veenstra

Forum Discussion

Restrict AD security group additons

Share

Resources