[gptalk] Re: access denied (security filtering)
- From: "McDonald, William" <wmcdonald@xxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 13 Mar 2008 12:04:40 -0700
Darren,
You have it right. I have loopback in the 1st GPO attached to the TS OU.
That is applying correctly as long as the scope includes authenticated
users. In fact, all of my GPOs in this OU will work if I include
authenticated users in the scope, but if I remove authenticated users
and substitute with any other group or user, it fails.
Regards,
Bill McDonald
Systems Administrator II Ebara Technologies, Inc.
51 Main Avenue
Sacramento, CA 95838
Direct: (916) 923-7865
Fax: (916) 920-5066
wmcdonald@xxxxxxxxxxxxx
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Thursday, March 13, 2008 11:06 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: access denied (security filtering)
Only one GPO needs to set loopback Bill. So if I understand correctly,
you have a GPO setting loopback and then another GPO, linked to the TS
OU, that is permissioned for a particular group and setting some user
configuration settings, and that 2nd GPO is not applying to users
logging into those TS boxes due to security filtering?
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of McDonald, William
Sent: Thursday, March 13, 2008 10:52 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: access denied (security filtering)
Hi John,
Thanks for the input. I created a separate loopback gpo in the ts ou and
applied to authenticated users and set replace mode. no other changes in
this gpo. Unfortunately I have the same result for any other gpo in the
ts ou that is applied to any more restrictive group that authenticated
users. For both a single user, or a global security group with users in
it I get the access denied (security filtering) error. Do my other gpos
for the ts also need loopback inabled, or will the one loopback gpo take
care of this?
Thanks again,
Regards,
Bill McDonald
Systems Administrator II
Ebara Technologies, Inc.
51 Main Avenue
Sacramento, CA 95838
Direct: (916) 923-7865
Fax: (916) 920-5066
wmcdonald@xxxxxxxxxxxxx
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of jpsalemi@xxxxxxxxxxxxxxxxxxx
Sent: Thursday, March 13, 2008 9:35 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: access denied (security filtering)
Hi Bill,
The terminal server is a member of authenticated users, that's why that
works. You could also apply the policy directly to the machine name,
same result.
If your users are separated, which is sounds like they are, the easiest
way to do this is to have a loopback applied to authenticated users, in
replace mode. Leave the user section blank. Then you can add user type
policies over your terminal server OU, that will apply to different
groups of users using filtering the way you are trying to.
Hope this helps,
John
"McDonald, William" <wmcdonald@xxxxxxxxxxxxx>
Sent by: gptalk-bounce@xxxxxxxxxxxxx
03/12/2008 05:55 PM
Please respond to
gptalk@xxxxxxxxxxxxx
To
<gptalk@xxxxxxxxxxxxx>
cc
Subject
[gptalk] access denied (security filtering)
All,
I am trying to apply a gpo on a terminal server to an individual or
small group of users. I have loopback set, but my gpo will only work if
I put 'authenticated users' in the scope. Any other group or user gets
'access denied (security filtering)' when you test the GPO in modelling.
The terminal server belongs to a TS OU, and that is where my GPO is
linked. Anyone see this before?
Regards,
Bill McDonald
Systems Administrator II
Ebara Technologies, Inc.
51 Main Avenue
Sacramento, CA 95838
Direct: (916) 923-7865
Fax: (916) 920-5066
wmcdonald@xxxxxxxxxxxxx <mailto:wmcdonald@xxxxxxxxxxxxx>
Other related posts:
