Well I used to think the same thing - you live and learn eh? :) With this in mind this means your GPOs for an OU can be :- GPO_Server (with the loopback set) - user settings disabled GPO_Usera (with machine settings disabled) GPO_Userb (with machine settings disabled) GPO_Userc (with machine settings disabled) GPO_Userd (with machine settings disabled) Etc. It'd work if you set the machine settings for each of the user GPOs - but its not needed. If you create a single 'server' gpo you can then disable the server component for each of the user GPOs - so improving the performance of the user gpos. And, remember, the server settings are going to have been applied before the users log on. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders Sent: 21 September 2006 14:51 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Registry Key to deny internet access There you go. I didn't know that. I thought it was per GPO. I've always set loopback processing on all GPO's applied to the same OU. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx "Jeff Pitsch" <jepitsch@xxxxxxx om> To Sent by: thin@xxxxxxxxxxxxx thin-bounce@freel cc ists.org Subject [THIN] Re: Registry Key to deny 21/09/2006 09:42 internet access PM Please respond to thin@xxxxxxxxxxxx g You are absolutely correct Andrew. You only need 1 GPO with loopback processing enabled. That OU and any OU underneath it would then be set to loopback processing. Jeff Pitsch Microsoft MVP - Terminal Server Provision Networks VIP Forums not enough? Get support from the experts at your business http://jeffpitschconsulting.com On 9/21/06, Andrew Wood <andrew.wood@xxxxxxxxxxxxxxxx> wrote: I was under the impression that you only needed to apply 1 GPO with loopback processing enabled. As that settings applies to the machine - all other GPO policies being run on that server would run in the loopback mode specified. This way you can have a 'server' GPO - which enables the loopback processing (but has no user settings). Then a number of 'user' GPOs - which each don't have/need the server setting applied as its already been done in the server GPO. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders Sent: 21 September 2006 14:06 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Registry Key to deny internet access Sure David. You can create multiple group policies (with loopback processing enabled) and give them higher priority than your default settings. Then just apply these policies to different user group and place the users in these groups. This way different sets of users can have different proxy settings. Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 2, 1060 Hay Street West Perth WA 6005 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 M: TBA E-mail: jeremy.saunders@xxxxxxxxxxx David <dmauri@xxxxxxxxx > To Sent by: thin@xxxxxxxxxxxxx thin-bounce@freel cc ists.org Subject [THIN] Re: Registry Key to deny 21/09/2006 08:43 internet access PM Please respond to thin@xxxxxxxxxxxx g Charles Fraser escribió: > There are 2 easy ways to do this by GPO. The 1st is User Configuration > > Windows Settings > Internet Explorer Maintenance > Connections > > Proxy Settings. Check the Enable Proxy Settings box, for the proxy > server address choose 10.0.0.1 Check Use same proxy server for all > addresses and un-check Do Not Use Proxy Server for intranet addresses. > I use this for several classes of users and it works well. The > advantage of doing it in this manner is that in the event you need to > add sites to allow these users to go to you can add them to the > exception list. > > The second way is do dis-allow iexplore.exe via GPO. That policy is > located in User Configuration > Administrative Templates > System > > Don't run specified Windows applications. Then you would enable that > policy and add iexplore.exe. > > > There are also 3rd party applications like app-sense that you can use > as well but I think the GPO method will work for you. > > > Charlie > ***************** > Yes, I have implemented this GPO. But, only applied in the server's farm. Also I have implemented 'Loopback processing mode', so the GPO only is applied when the user are looged into a server. If I change the proxy settings I'm changing the settings for the server, included all the users connected there. So, the question is if there is any way to setup 'MANUALLY', the proxy settings per user inside registry. David. ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************ ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************