[gptalk] Re: Applying Computer Policies based on User

  • From: Nick Smith <nick@xxxxxxxxxxxxxxxxxx>
  • To: "'gptalk@xxxxxxxxxxxxx'" <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 21 Apr 2008 23:19:00 +0100

Ok, I'm trying to this another way: I've linked the GPO to the TS OU . This 
applies fine. I then tried filtering it by removing Authenticated Users and 
adding the users I want it to apply to - doesn't apply. So I tried going the 
other way, putting back in Authenticated Users and then putting in one of the 
people I don't want the GPO to apply to, going to Advanced Settings and Denying 
(in Permissions) Apply Policy. This doesn't seem to work as the GPO applies 
even though I have deny in there.

I'm clearly fundamentally misunderstanding something about permissions in GPOs 
- can anyone point me in the right direction?

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nick Smith
Sent: 21 April 2008 16:29
To: 'gptalk@xxxxxxxxxxxxx'
Subject: [gptalk] Applying Computer Policies based on User

I want to apply a computer policy (Specifically \Admistrative templates\Windows 
Components\terminal Services\Client\Server data redirection\ Do not allow 
driver redirection) based on User - some users should be locked down to prevent 
them redirecting their drive.

I understand that loopback policy can be used to do this the other way - IE 
Apply a user policy based on Computer, but don't seem to be able to find a way 
to do this.

I'm sure it's one of these thing that are so simple no one mentions it, but 
I've been banging my head away for a while now, so any help would be greatly 


Other related posts: