Re: Group Policy Losing its marbles...


From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 01/20/05


Date: Wed, 19 Jan 2005 21:01:43 -0500

Can not seem to spell tonight..

That should have been 'would not be affected by this lockdown GPO!'.

-- 
Cary W. Shultz
Roanoke, VA  24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message 
news:ORZ91Kp$EHA.3988@TK2MSFTNGP11.phx.gbl...
> Looks like Ryan is going to address the issues that you are having with 
> the current setup.  I might have an alternative suggestion on how you 
> could do things.
>
> Have you thought about using a lockdown GPO?  Most likely in Replace 
> mode....
>
> You would simply put the computer account objects in the test OU and link 
> the GPO to that OU.  This way it does not matter who logs on to those 
> computers - they will be in lockdown mode.  Naturally, you would set it up 
> so that the Domain Admins ( or whatever ) would not be affected buy this 
> lockdown GPO!
>
> -- 
> Cary W. Shultz
> Roanoke, VA  24014
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Nathan Truhan" <ntruhan@nospam.nospam> wrote in message 
> news:11EE60D6-5234-4B65-91C7-0B0DAF6E0FA0@microsoft.com...
>> All,
>> I am stumped here..
>> I have 7 computers in a Training OU that are for student use.  5 in our lab
>> and 2 at our counter.
>> I have three policies defined for that OU and I have Block Inheritance
>> turned on, with all three set to be enforced and having the training user
>> below added to read them implicitly along with
>> authenticated users.
>>
>> 1) Rename Administrator (Computer Policy) <- Renames Administrator
>> 2) Automatic Logon (Computer Policy) <- Automatically logs onto the PC with
>> a user called kent\training, which I created under our REGISTRARS OU
>> 3) Training Machine Policy (User Policy) <- Lock the machine down for web
>> access only, no drive access, etc...
>>
>> This was previously working fine, however something has changed and I am not
>> sure what, because only 1 and 2 are applying.
>> When I run a Resultant Set of Policy on the training PCs, under the
>> computer properties, I see all three listed, however
>> under user properties, none of the three are listed, and instead I see the
>> ones from the OU one level above (Which is also where the training user
>> resides), which
>> include a Firewall setting, Folder redirection and others.
>>
>> I have block inheritance on, and it seems to work with the computer
>> settings, but it is not working with the user settings? (Allowing upper
>> Policies (none non blocking) to apply).
>> Any idea how I can get the third policy to reapply itself?
>>
>> Thanks,
>> Nathan
>
> 
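
Added example (not part of the thread and not code from any poster): a simplified Python model of Group Policy scoping, showing which GPOs are processed for the user side with and without the loopback Replace mode and Domain Admins exemption suggested in the reply. The DN form, the PC and admin account names and the "Default Domain Policy" link are assumptions made for illustration.

```python
"""Simplified model of which GPOs are processed for the *user* half of policy."""

# Constructed layout based on the posts; the DN form, the PC and admin names
# and the "Default Domain Policy" link are assumptions.
TRAINING_OU = "OU=Training,OU=REGISTRARS,DC=kent"
LINKS = {  # container -> [(GPO name, link enforced?)]
    "DC=kent": [("Default Domain Policy", False)],
    "OU=REGISTRARS,DC=kent": [("Firewall", False), ("Folder Redirection", False)],
    TRAINING_OU: [("Rename Administrator", True), ("Automatic Logon", True),
                  ("Training Machine Policy", True)],
}
BLOCK_INHERITANCE = {TRAINING_OU}
# Security filtering: groups denied "Apply Group Policy" on a GPO.
DENY_APPLY = {"Training Machine Policy": {"Domain Admins"}}


def containers(dn):
    """Containers from the domain root down to the object's parent."""
    parts = dn.split(",")[1:]  # drop the object's own RDN
    return [",".join(parts[i:]) for i in range(len(parts) - 1, -1, -1)]


def gpos_in_scope(dn):
    """GPOs linked on the object's path, lowest precedence first."""
    normal, enforced = [], []
    for container in containers(dn):
        if container in BLOCK_INHERITANCE:
            normal = []  # Block Inheritance drops non-enforced links from above
        for name, is_enforced in LINKS.get(container, []):
            (enforced if is_enforced else normal).append(name)
    return normal + enforced[::-1]  # enforced links win; higher-level ones last


def user_policy(user_dn, computer_dn, groups=(), loopback=None):
    """User-side GPO list: None = normal, or loopback 'merge' / 'replace'."""
    if loopback == "replace":
        gpos = gpos_in_scope(computer_dn)
    elif loopback == "merge":
        gpos = gpos_in_scope(user_dn) + gpos_in_scope(computer_dn)
    else:
        gpos = gpos_in_scope(user_dn)  # the computer's OU plays no part
    return [g for g in gpos if not DENY_APPLY.get(g, set()) & set(groups)]


if __name__ == "__main__":
    user = "CN=training,OU=REGISTRARS,DC=kent"
    pc = "CN=LAB-PC1," + TRAINING_OU
    print("normal  :", user_policy(user, pc))
    print("replace :", user_policy(user, pc, loopback="replace"))
    print("admin   :", user_policy("CN=admin,DC=kent", pc, ["Domain Admins"], "replace"))
```

GPOs that contain only computer settings still appear in the list but contribute nothing to the user side; ordering among links on the same container is not modelled.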

