[gptalk] Re: group policy security filtering

• From: "Johnson, Matthew" <mjohnson@xxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Fri, 4 May 2007 16:26:47 -0400

Thanks Steven and Omar,

 

                I did just apply the security filtering to the Global
groups for now.  We are running in 2000 Mixed mode and I came across a
good windowsITpro article explaining the differences (including support
for nested groups).
http://www.windowsitpro.com/Articles/ArticleID/7156/7156.html?Ad=1

 

We plan on raising It in the near future, so I'll try it again then.

Thanks for your help.

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Omar Droubi
Sent: Friday, May 04, 2007 2:03 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: group policy security filtering

 

I would recommend that you check to see if you can raise your domain
functionality to Native Mode then change this domain local group to a
global group or a universal group and things should work as desired.
With native mode group nesting is much more flexible

 

If you cannot change the domain to native mode- just change the security
filtering- not WMI filtering to apply the GPO to all of the global
groups you want that policy to apply to.

 

Omar

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Steven
Sent: Thursday, May 03, 2007 5:13 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: group policy security filtering

 

As long as the access denied if from Security Filtering, that is exactly
how you should be applying your policies. managing them by group makes
life a lot easier. i do have a question though, are you using WMI
queries in your scripts, or anywhere else in your domain? Depending upon
any added security specifically for WMI you should not need to do this. 

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Johnson, Matthew
Sent: Thursday, May 03, 2007 1:55 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] group policy security filtering

 

I created a Domain Local Group and added it to the WMI Security
filtering of my GPO.  I then added several other Global groups as
members of that Domain Local Group.

 

When I try logging in as a user who is a member of one of those Global
Groups, Group Policy Results says that Access is Denied to the GPO.

 

I set it up this way so that I can apply GPO's by just adding a group to
another group.  

 

Can this even work?

 

Thanks - MJ

 

CONFIDENTIALITY STATEMENT: This electronic message contains information
from Fisher-Titus Medical Center and may be protected health information
or other confidential and privileged information under law.  The
information is intended to be for the use of the individual or entity
named above.  If you are not the intended recipient, be aware that any
disclosure, copying, distribution or use of the contents of this message
is prohibited. If you have received this electronic message in error,
please notify the sender immediately by reply e-mail or telephone at
419/668-8101.

• References:
  • [gptalk] group policy security filtering
    • From: Johnson, Matthew
  • [gptalk] Re: group policy security filtering
    • From: Omar Droubi

Other related posts:

• » [gptalk] group policy security filtering
• » [gptalk] Re: group policy security filtering
• » [gptalk] Re: group policy security filtering
• » [gptalk] Re: group policy security filtering

1. Home
2. gptalk
3. Archive
4. 05-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---