Re: Applying user object policy (filtering based on computer location)
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 19 Oct 2007 23:10:43 -0700
The security group filtering of the loopback GPO must also
allow the computers. In your example, as only LA Employees
should have the GPO applied via loopback when logging into
the computers in NY Desktops OU, you could add the group
Domain Computers (in addition to LA Employees) to the GPO's
security group filtering. In that way, only the LA Employees
will have the loopback GPO applied when they log into any
of the machines in that OU. If one wanted a loopback GPO to
apply to any user logging into any machine in the OU then one
could just leave the security group filtering at its default of
Authenticated Users. If only a subset of the machines in the
OU should do this, then one would need to either make a new
subOU or define a security group for use in filtering whose
members are the machines that should apply the loopback GPO.
"jm" <jm@xxxxxxxxx> wrote in message
news:O7kttCNEIHA.1056@xxxxxxxxxxxxxxxxxxxxxxx
Roger,
Thank you very much for your response - Not sure why I did not think of
using Loopback mode.
Ok. So I have tried it but am running into some challenges.
I have a OU called "NY DESKTOPS" - I created a new policy and enabled
Loopback processing mode (Merge). In the same policy, I enabled Active
Desktop and set the path for the HTML page. I have this policy set to
only apply to users from LA - i.e. LA Employees.
In the "NY DESKTOPS" OU there is another policy linked that applies to
'AUTHENTICATED USERS" This is the standard gpo for my NY desktops.
So in total, there are two gpo's linked to this OU.
So when I log into a computer (i'm in the LA employee group), i do not get
the settings.... Any idea why?
Thanks again.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uD6Z0qGEIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
"jm" <jm@GMAIL> wrote in message
news:53E28875-24FE-4EDF-B051-D15C6CCB140B@xxxxxxxxxxxxxxxx
Hello Everyone.
I am trying to set a standard desktop background for certain users. I
have the part working....
What I can't see to get around is that I don't want this to happen to
all my users. Just to users how are visiting from a different branch
office. Do I need to use a WMI filter? If so, can anyone help me with
Query design?
Basically, I do not want the policy to apply if IP Address begins with
172.22. -- make sense?
No, I cannot really follow your statements.
If you want certain user policies to apply for a specific set of
user accounts but only when they are logging onto a particular
set of computers, then you would use a GPO set for loopback
processing. Such a GPO is linked so that the set of computers
is within its scope, and the security group filtering needs to be
such that only those computers and only the users you desire to
impact have read/apply of the GPO.
Search on GPO loopback
Roger
.
- Follow-Ups:
- Re: Applying user object policy (filtering based on computer location)
- From: Mark Renoden [MSFT]
- Re: Applying user object policy (filtering based on computer location)
- References:
- Prev by Date: Re: Applying user object policy (filtering based on computer location)
- Next by Date: Stand-alone (non-networked) computer - restrict one account but not another
- Previous by thread: Re: Applying user object policy (filtering based on computer location)
- Next by thread: Re: Applying user object policy (filtering based on computer location)
- Index(es):
Relevant Pages
|
