RE: Filtering GPO
From: Panicking in Prince George (PanickinginPrinceGeorge_at_discussions.microsoft.com)
Date: 02/18/05
- Next message: Troy Bruder: "Re: Applying a GPO to a Group, not user.."
- Previous message: Corné Bogaarts: "Re: automatically log off users logon time not working"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Feb 2005 10:03:03 -0800
Hello Mikecl
When filtering the security group for the Domain Admins, you still need to
allow them Read to be able to actually modify the GPO. Simply Denying them
Apply Group Policy is all that is required to ensure this GPO does not apply
to them.
Cheers, Paul
"Mikecl" wrote:
> Hi,
>
> I have created a specific OU for Our terminal Servers and applied a policy
> to the OU. Our users are not members of this OU so I configured loopback
> processing (replace Mode) and the appropriate user settings on the GPO.
>
> Once the Policy is applied all users (including the Domain Admins) get the
> policy applied which I believe to be correct.
>
> If I want to prevent that policy from being applied to the Domain Admins so
> I can reboot the server etc I tried filtering according to security group by
> changing apply group = deny and read=deny but then I am unable to make
> changes to the GPO itself or disable it.
>
> The other issue I have is there are some users from different NT4 domains
> that will want access to the terminal server a couple of issues that occur
> are that they get the error logon interactive message unless I put them into
> the Remote Desktop Users Group and the GPO settings do not apply which is
> not surprising. We are in the process of Migrating to AD so I can put up
> with the NT problem if as I suspect there is no easy solution.
>
> Ideas Gratefully received
>
>
>
- Next message: Troy Bruder: "Re: Applying a GPO to a Group, not user.."
- Previous message: Corné Bogaarts: "Re: automatically log off users logon time not working"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
