Re: Block Policy Inheritance does not work
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/11/05
- Next message: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Previous message: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- In reply to: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Next in thread: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Reply: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 11 Feb 2005 03:28:30 -0600
Make sure the policies you are trying to block are "user configuration". At
least some of what you describe is computer configuration I believe. You can
not block "computer configuration" policy on a per user basis. If it is
indeed user configuration, another thing to try is to configure the GPO with
deny permissions for "apply" in the security properties for the group you
want to not have the policy apply to. See the link below on filtering of
Group Policy. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;322176 --- see
"how to filter scope".
"Brian Nielsen" <brian.heilmann@sletmig_wuerth.dk> wrote in message
news:%233yADZAEFHA.624@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> It is not domain password policy that I am trying to block (I know you
> cannot do that), but SUS server policies, proxy policies and so on. I have
> already installed GPMC on a XP machine, but the only thing I can se is
> that several policies is applied and none is blocked - at least not
> because og block policy inheritance.
>
> I have tried to create a new OU with block policy inheritance, but this is
> also not working.
>
> I'm not sure when this behaviour started, but after I have changed some
> policies it began, but I don't now what and where :-(
>
> I hope you can help.
>
> Best Regards
>
> Brian
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> skrev i en meddelelse
> news:%23WnlCc6DFHA.3908@TK2MSFTNGP12.phx.gbl...
>> One thought is that block inheritance will not block domain password
>> policy but should block "user configuration" settings in Group Policy.
>> Try running the preset tool while logged onto a computer as one of those
>> administrators to see what it reports. If you have a secured XP Pro
>> computer in the domain, install the GPMC on it which can be helpful when
>> troubleshooting Group Policy problems. You will have to logon to the XP
>> Pro computer as a domain admin to manage Group Policy for the domain from
>> it. --- Steve
>>
>> http://www.microsoft.com/windowsserver2003/gpmc/default.mspx -- GPMC.
>>
>> "Brian Nielsen" <brian.heilmann@sletmig_wuerth.dk> wrote in message
>> news:u4Su792DFHA.2824@tk2msftngp13.phx.gbl...
>>> Hi,
>>>
>>> I have a W2K domain with some policies. In the domain I have several OUs
>>> which should have the policies. But one OU - in where my admins are -
>>> should not have the policies. Therefore I have set the "Block Policy
>>> Inheritance" flag on that OU. But it is not working. Somehow when the
>>> administrator logs on any machine (server, workstation...) he gets all
>>> the policies. Why???
>>>
>>> I have checked if i have the "no override" option set somewhere - but
>>> no.
>>>
>>> Do you have any ideas?
>>>
>>> Best Regards.
>>>
>>> Brian
>>>
>>
>>
>
>
- Next message: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Previous message: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- In reply to: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Next in thread: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Reply: Brian Nielsen: "Re: Block Policy Inheritance does not work"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
