[gptalk] Re: access denied (security filtering)

  • From: "McDonald, William" <wmcdonald@xxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 14 Mar 2008 16:50:51 -0700

Thanks everyone for your help with this. It is working the way I want at
this time, and I feel I have a much greater understaning of the loopback
process and the effects of computer section vs. user section on terminal
servers. I'm still using "merge" for my loopback at this time, but I
will look into changing that to "replace". I'm not sure of all the
implications for doing that on the network I recently inherited. Thanks
again! 


 
 
Regards, 
Bill McDonald
Systems Administrator II          Ebara LogoEbara Technologies, Inc. 
51 Main Avenue 
Sacramento, CA 95838 
Direct: (916) 923-7865 
Fax: (916) 920-5066 

wmcdonald@xxxxxxxxxxxxx         
 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Thursday, March 13, 2008 6:44 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: access denied (security filtering)

Hi Tan-
Computers that are not part of the domain cannot participate in
domain-based GP at all. However, I'm not clear on what you are saying
below. It sounds like you are saying that users logging into your TS
servers are doing so from machines not in the domain. That is ok as long
as they have user accounts in the domain. In those cases, the loopback
GPO (and any other per-user GPOs that apply to the TS boxes will apply
to those user accounts as long as you are not filtering those users away
via group membership (e.g.
by default all users will get per-user loopback policy if you've left
Authenticated Users as the ACE on the GPO).

Darren

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of tan hs
Sent: Thursday, March 13, 2008 6:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: access denied (security filtering)

Hi All,
I think I am having the same problem as Bill.  I have my last post on
this tread "Windows Server 2003 R2 SP2 GPO Access denied (security
filtering)" if you can copy and paste the html at the bottom you should
more clearer picture what Bill is facing.
As Daren said, "....create a group that includes the TS computers,....",
I think it will solve the problem because instead of putting all TS
computers, I tried put in the TS name into the filtering, yes it works.
But question is, not all TS users computers joined to the domain? I did
tried without joining the computer to the domain and the computer won't
appears in the selection list of the filter.  How could we overcome this
issue?
Thank you.
Tan
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: