From b970f8dc2db128f7593a3ccf14774410ba1a8614 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 19 Mar 2020 11:45:31 -0700 Subject: [PATCH] minor updates --- windows/client-management/mdm/policy-csp-restrictedgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 37921c714c..45f5805676 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -138,7 +138,7 @@ Here's an example: ``` where: - `` contains the local group SID or group name to configure. If an SID is specified here, the policy uses [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API to get the local group name. For best results, use names for ``. -- `` contains the members to add to the group in ``. If a Name is specified here, the policy will try to get the corresponding SID using [LookupAccountSID](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API. (Note: This doesn't query Azure AD). For best results, use SID for ``. Groups can be renamed and account name lookups are limited to AD/local machine, so SID is the best and most deterministic way to configure. +- `` contains the members to add to the group in ``. If a name is specified here, the policy will try to get the corresponding SID using [LookupAccountSID](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API. (**Note:** This doesn't query Azure AD). For best results, use SID for ``. As groups can be renamed and account name lookups are limited to AD/local machine, hence SID is the best and most deterministic way to configure. The member SID can be a user account or a group in AD, Azure AD, or on the local machine. Membership is configured using [NetLocalGroupSetMembers](https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API. - `Group1` and `Group2` are group locals on the device being configured.