Re: help with loopback gp verses ad group
- From: "Sher" <Sher@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Jul 2005 09:15:05 -0700
Hi Brandon,
I know I am probably making it harder but still don't understand loopback
configuration.
My problem is that I want that computer to receive all the settings in my
main gp except the screensaver setting. So are you saying create another gp
without the screensaver setting and put it in another ou -
-0r -- create a subou and change just the screensaver setting and then add
that one computer to the subou? Will this then read all the other computer
settings for that computer and then read the screensaver setting in the subou
gp for that one computer ?
Thanks for your reply
Sher
"Brandon Baker" wrote:
> I think you might be making this a little harder than it is. Remember,
> loopback is for when one policy is overwriting another. You can use loopback
> to reapply a policy so it is for sure applied.
>
> A lot of how you create and apply group policies is dependent upon your AD
> structure, so there isn't any one asnwer to your question. Now, if you want
> to keep just one computer from receiving a group policy, either move it to
> an OU where the policy isn't applied or use the security settings and
> uncheck apply group policy.
>
>
> "Sher" <Sher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:929B5A8F-061E-477B-B459-3D2ECC794A25@xxxxxxxxxxxxxxxx
> > Hi all,
> > I started out using gp's with windows 2000 and now have 2003 gp's.
> > I converted my old gp's to 2003.
> > I started out very basic.
> > I have one domain and one gp.
> > gp name = restricted users
> > under restricted users I have set user policies and also computer
> > policies.
> > restricted users gp applies to all domain users
> > Now I am wanting to get a little more advanced with gp's.
> > Can someone explain to me the gp tree I should have in order to used
> > loopback.
> > Should I break out my computer polices in a seperate gp and break out my
> > user policies in a seperate gp?
> > What I am trying to accomplish is having one computer that does not get a
> > manadtory screensaver regardless of who logs on.
> > I don't know how to setup a gp just for the one computer. how do I
> > specify
> > that one computer? Is it by computer name and where would I do this?
> > Does it have something to do with a group in active directory?
> > Sure need some help on this. The more I read about loopback the more I
> > get
> > confused.
> > Should I just create a new gp with only the screensaver policy not
> > configured and then create a group in active directory and add just the
> > one
> > computer.
> > Then apply the group to that new screensaver gp?
> > 1. gp=screensaver disabled
> > 2. group in active directory= screensaver disabled
> > group member=ComputerX
> > 3. change security filter to only=screensaver disabled group
> > 4. link to restricted gp
> > --or this the hard way to do it?
> > Thanks for any help clarifying the ou structure. I did not want to get
> > into
> > having alot of gp's. I prefer having one main one.
> > Sher
>
>
>
.
- Follow-Ups:
- Re: help with loopback gp verses ad group
- From: Brandon Baker
- Re: help with loopback gp verses ad group
- References:
- help with loopback gp verses ad group
- From: Sher
- Re: help with loopback gp verses ad group
- From: Brandon Baker
- help with loopback gp verses ad group
- Prev by Date: Re: help with loopback gp verses ad group
- Next by Date: Re: Controlling User Policy via Computer account
- Previous by thread: Re: help with loopback gp verses ad group
- Next by thread: Re: help with loopback gp verses ad group
- Index(es):
Relevant Pages
|
