What is the aim of the Restricted Group that appears in Group Policy in Windows 2000?
Use the Restricted Group setting to control which user accounts are members of groups. By adding a group to Restricted Group, you control the membership of the group. By placing user and group accounts within the group at this location, you are designating the group membership. If group membership is changed at the local level, when Group Policy next refreshes, those group members will be removed. You can also force membership at the local level by placing members in the group within the group which has be entered in the restricted group container.
This is a way for domain admins to prevent a local administrator from modifying local group membership.