Re: Controlling User Policy via Computer account

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

oops - I had a major lapse there
You do not need a subOU.
Since loopback processing is a machine policy you could
link the new loopback GPO on the original OU and use
security group processing so that it will apply to the
group of machines on which it should have an effect and
on the users for which it should be effective, after removing
the read/apply for Authenticated Users.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Roger Abell" <mvpNOSpam@xxxxxxx> wrote in message
news:u2FtzEfOFHA.624@xxxxxxxxxxxxxxxxxxxxxxx
> I see no way to do precisely that, at least not without
> OU restructure. If you would define a new subOU and
> move all machines except the exempt ones into the new
> subOU, and then link a GPO set to use loopback processing
> on the new subOU then you could effect the objective with
> minimum restructure/redef of existing OUs and GPOs.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Warner@xxxxxxxxxxxxxxxx"
<Warnernospampostalias@xxxxxxxxxxxxxxxxxxxxxxxxx>
> wrote in message
news:325DB1CD-5157-42B7-9EC4-46AAC125734D@xxxxxxxxxxxxxxxx
> > Is is possible to Apply a User Policy only if the Computer account is a
> > member of a security group?
> > I have a user policy that I want applied to all computers except a few.
I
> > would like to control this based on a security group rather than an OU.
> Is
> > this possible?
> >
> > Thanks,
> > Warner.
>
>


.

Relevant Pages

  • Re: Group Policy by user and machine
    ... how do I associate a local policy to a local group. ... "cjobes" wrote: ... security group in the AD, add those users to that group. ... machines on the shopfloor. ...
    (microsoft.public.windows.server.sbs)
  • Re: Group Policy by user and machine
    ... security group in the AD, add those users to that group. ... machines on the shopfloor. ... How to I restrict usage to certain machines to a certain group? ... Can I apply a specific policy for a certain group on a certain ...
    (microsoft.public.windows.server.sbs)
  • Re: Controlling User Policy via Computer account
    ... except that the policy I want to utilize is the ... > a GPO and security groups. ... >> You do not need a subOU. ... >>> move all machines except the exempt ones into the new ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy Best Practie - Many vs Few?
    ... set a specific policy value only as many times as necessary. ... and then link such copies to each subOU because ... printer via a logon script with a single action. ... Printer Deployment Policy -Global Configuration ...
    (microsoft.public.windows.group_policy)
  • Re: Granular AD security permissions
    ... My Domain - OU - subOU ... security group; but still be able to manage users in ANY other OU. ... I highlight the desired security group and I click EDIT ... "Create Advanced Security objects" and similar. ...
    (microsoft.public.windows.server.active_directory)