[gptalk] Re: Apply GPO to Computers Only
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 12 Dec 2006 08:27:37 -0800
The GPO that enables the loopback setting needs to be linked to computers
because it's a Computer Configuration option. That will enable loopback on
those computers. If you on that same GPO, you also set the user
configuration options you want, then that GPO has to be permissioned such
that the users you want to read it, can.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Buonora, Craig (GE, Research, consultant)
Sent: Tuesday, December 12, 2006 8:23 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Apply GPO to Computers Only
Sorry I was a little confused on that. I added Domain Users to the policy to
Read and Apply, although I only want this to apply to 5 machines. What
loopback option are you saying to choose and does it matter what OU I link
this on, Users or Computers?
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Monday, December 11, 2006 4:08 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Apply GPO to Computers Only
Yes. Its just a matter of using your security filters correctly. Your
loopback GPO needs to grant only the computers and users who you want to
process this policy, the read an apply gp rights, and no others.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Buonora, Craig (GE, Research, consultant)
Sent: Monday, December 11, 2006 12:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Apply GPO to Computers Only
Darren thanks for the response, this GPO is to prevent users from mapping
drives. What I need to configure is to prevent any user that logs on to a
group of 5 machines [except 1 or two admins] from right-clicknig on My
Computer - Map Network Drive. Just 5 machines, not the entrie Domain and I
do NOT want to create a seperate OU for this. Can this be done?
Thanks,
Craig
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Friday, December 08, 2006 10:49 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Apply GPO to Computers Only
So you have a GPO that contains some logon script and sets loopback? I
suspect the problem is that you've removed authenticated users, added the
computer accounts, which is fine, but no users can read the user portion of
the loopback GPO when they logon. You might try granting Read and Apply GP
to the "Domain Users" group. That allows users to read the GPO but not
other computers.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Buonora, Craig (GE, Research, consultant)
Sent: Thursday, December 07, 2006 12:59 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Apply GPO to Computers Only
I had another issue come up where I need to apply a User configuration item
[remove map network drive] to about 6 computers in my Domain. I created the
GPO, remove the Authenticated Users element from the delegation - Advance
tab, and added my machine names, and click Read and apply for the
permissions to each. I also included Loopback Processing to Merge with this,
I used merge and replace. I cannot get this policy to apply. This needs to
be set on 6 machines that are used by the public and I do not want to do
this locally as I would like to exclude eventually some NT accounts from the
policy so they can log on and do some admin functionality that involves
mapping drives.
Thank again in advance for the help.
Craig M. Buonora
GE Global Research Center
CompuCom Systems, Inc.
Network Services Engineer II
T 518.387.6664
F 518.387.7427
D *833-6664
E buonora@xxxxxxxxxxxxxxx
One Research Circle
Building KW Room C153
Niskayuna, New York 12309
www.ge.com <http://www.ge.com/>
Other related posts:
