Re: Loopback policies - Domain admins ??

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Chriss3 (noSpamHere_at_chrisse.se)
Date: 02/04/04 

Date: Wed, 4 Feb 2004 21:44:51 +0100

You have to filter the scope of Group Policy according to security group
membership

  1.. Open the Group Policy object whose scope you want to filter.
  2.. In the console tree, right-click the icon or name of the Group Policy
object, and then click Properties.
  3.. Click the Security tab, and then click the security group through
which you want to filter this Group Policy object. If you want to change the
list of security groups through which to filter this Group Policy object,
use the Add and Remove buttons to add or remove security groups.
  4.. In the Permissions box for the selected security group, select or
clear the appropriate check boxes to set permissions as shown in the
following table, and then click OK.

  I recommend you to deny apply policy for Domain Admins Group. 

-- 
Regards,
Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
"Chris" <anonymous@discussions.microsoft.com> skrev i meddelandet
news:a03901c3eb37$40c903b0$a501280a@phx.gbl...
> Hi,
>
> We use loopback policies on the laptops within our
> company, so that we can have the laptops less locked down
> than the desktops within the company.  Basically the
> loopback policy forces alternate user settings on the
> computer as oppose to the user that logs in.
>
> This works well, but it also locks down the Domain Admins
> which I'd like to stop happening. It can be a hassle
> trying to administrate them if you're locked down to the
> same extent as your users.
>
> Does anybody know how to stop the loopback affecting
> Domain Admins?
>
> Chris
>
>
Quantcast