[gptalk] Re: User Hive settings set during logon....
- From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 11 Mar 2008 12:36:03 -0500
Actually, this is not necessary if you link at the AD Site level. You
would have to have 2 GPOs (1 to enable, 1 to disable). Link each
"disable" GPO to every AD Site, and the "enable" GPO (with security
filtering) to only the AD Sites you want. You will of course have to
change the link order so that the enable GPO wins out if it passes
security filtering.
Don't know why that didn't hit me at first, but it is an option.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: Tuesday, March 11, 2008 12:23 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User Hive settings set during logon....
You might be able to do something like that by querying
Win32_Environment and looking at the %LOGONSERVER% variable. You
wouldn't directly be able to get the site name, but you check and see
which DC they are authenticated to.
SELECT * FROM Win32_Environment WHERE Name = "LOGONSERVER" AND
(VariableValue = "DC1" OR VariableValue="DC2")
Something like that may work for you.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Smith, Brad
Sent: Tuesday, March 11, 2008 12:05 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User Hive settings set during logon....
What I want to achieve is to enable LCS Video conferencing for a limited
group of users (simple enough application of security filtering) but
only when they are authenticated to a site from a list of appropriate
sites. So the logic would be:
if the user is in "Enable LCS Group" <-- Handled by security filtering
AND the user has logged into "Site_Permitted_For_LCS_Video" <- Handled
by vbscript
then enable it, <- Here lies the problem, as the user doesn't have
permission to this key (quite rightfully so I agree)
Else
leave it as it is.
The perfect solution would be to evaluate the site via WQL and filter
the GPO on that, is getting the site name back from a WQL query
possible?
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: 11 March 2008 16:49
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User Hive settings set during logon....
Right. That's on purpose! Users should not be able to modify their
policy settings, otherwise Group Policy would be fairly useless J
I'm curious why you want users to be able to modify these settings?
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Smith, Brad
Sent: Tuesday, March 11, 2008 9:21 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User Hive settings set during logon....
I would of thought so too, and thought this task would be a no brainer,
check HCU\Software\Policies\Microsoft\Communicator on a XP SP2 build, it
is definitely set to read only for the user.
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R
Sent: 11 March 2008 15:54
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: User Hive settings set during logon....
That doesn't sound right. If it is in HKCU the user should (by default)
be able to modify it.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Smith, Brad
Sent: Tuesday, March 11, 2008 10:49 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] User Hive settings set during logon....
All,
Is there a way to configure permissions on registry key in the HKCU
hive? I want to run a startup script that modifies a key in this hive
from the user portion of the GPO, but the user only has read only access
to it by default. Any ideas?
TIA,
Brad
This email and any attached files are confidential and copyright
protected. If you are not the addressee, any dissemination of this
communication is strictly prohibited. Unless otherwise expressly agreed
in writing, nothing stated in this communication shall be legally
binding.
The ultimate parent company of the Atkins Group is WS Atkins plc.
Registered in England No. 1885586. Registered Office Woodcote Grove,
Ashley Road, Epsom, Surrey KT18 5BW. A list of wholly owned Atkins Group
companies registered in the United Kingdom can be found at:
http://www.atkinsglobal.com/terms_and_conditions/index.aspx.
<http://www.atkinsglobal.com/terms_and_conditions/index.aspx>
P Consider the environment. Please don't print this e-mail unless you
really need to.
This message has been scanned for viruses by MailControl
<http://bluepages.wsatkins.co.uk/?6875772>
________________________________
This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).
________________________________
This email and any attached files are confidential and copyright
protected. If you are not the addressee, any dissemination of this
communication is strictly prohibited. Unless otherwise expressly agreed
in writing, nothing stated in this communication shall be legally
binding.
The ultimate parent company of the Atkins Group is WS Atkins plc.
Registered in England No. 1885586. Registered Office Woodcote Grove,
Ashley Road, Epsom, Surrey KT18 5BW. A list of wholly owned Atkins Group
companies registered in the United Kingdom can be found at:
http://www.atkinsglobal.com/terms_and_conditions/index.aspx.
<http://www.atkinsglobal.com/terms_and_conditions/index.aspx>
P Consider the environment. Please don't print this e-mail unless you
really need to.
This message has been scanned for viruses by MailControl
<http://bluepages.wsatkins.co.uk/?6875772>
This email and any attached files are confidential and copyright
protected. If you are not the addressee, any dissemination of this
communication is strictly prohibited. Unless otherwise expressly agreed
in writing, nothing stated in this communication shall be legally
binding.
The ultimate parent company of the Atkins Group is WS Atkins plc.
Registered in England No. 1885586. Registered Office Woodcote Grove,
Ashley Road, Epsom, Surrey KT18 5BW. A list of wholly owned Atkins Group
companies registered in the United Kingdom can be found at:
http://www.atkinsglobal.com/terms_and_conditions/index.aspx.
<http://www.atkinsglobal.com/terms_and_conditions/index.aspx>
P Consider the environment. Please don't print this e-mail unless you
really need to.
________________________________
This e-mail may contain identifiable health information that is subject
to protection under state and federal law. This information is intended
to be for the use of the individual named above. If you are not the
intended recipient, be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited and may be
punishable by law. If you have received this electronic transmission in
error, please notify us immediately by electronic mail (reply).
________________________________
Other related posts:
