Dell Unity: NAS server (cifs smb) Restricted group policy 'members of' is not applied when 'members' policy exists (User Correctable)

Summary: Unity CIFS NAS server-restricted group policy 'members of' is not applied if 'members' policy exists.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

When both 'members' and 'member of' restricted groups are set, only groups from 'members' policy are listed in computer management.

Cause

A behavior difference between windows server and unity NAS server group policies when both 'members' and 'member of' restricted groups are used.

Computer management: 
Unity NAS server    - domain group set as a member of local group does not show up as a member of local group, only groups from 'members' policy are listed.
Windows server     - lists groups from both policies as local group members

Resolution

A workaround is to apply a GPO closer to the NAS server that uses the exclusive member property for restricted groups with the needed group members and have it override higher-level policies.

Additional Information

Microsoft definitions: 
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/description-of-group-policy-restricted-groups This hyperlink is taking you to a website outside of Dell Technologies.
"Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
Members
Member Of

The Members list defines who should and should not belong to the restricted group.
The Member Of list specifies which other groups the restricted group should belong to."

Affected Products

Dell EMC Unity
Article Properties
Article Number: 000217943
Article Type: Solution
Last Modified: 11 Dec 2023
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.