Re: help with loopback gp verses ad group



I think you might be making this a little harder than it is. Remember,
loopback is for when one policy is overwriting another. You can use loopback
to reapply a policy so it is for sure applied.

A lot of how you create and apply group policies is dependent upon your AD
structure, so there isn't any one answer to your question. Now, if you want
to keep just one computer from receiving a group policy, either move it to
an OU where the policy isn't applied or use the security settings and
uncheck apply group policy.


"Sher" <Sher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:929B5A8F-061E-477B-B459-3D2ECC794A25@xxxxxxxxxxxxxxxx
> Hi all,
> I started out using gp's with windows 2000 and now have 2003 gp's.
> I converted my old gp's to 2003.
> I started out very basic.
> I have one domain and one gp.
> gp name = restricted users
> under restricted users I have set user policies and also computer
> policies.
> restricted users gp applies to all domain users
> Now I am wanting to get a little more advanced with gp's.
> Can someone explain to me the gp tree I should have in order to use
> loopback.
> Should I break out my computer policies in a separate gp and break out my
> user policies in a separate gp?
> What I am trying to accomplish is having one computer that does not get a
> mandatory screensaver regardless of who logs on.
> I don't know how to set up a gp just for the one computer. How do I specify
> that one computer? Is it by computer name and where would I do this?
> Does it have something to do with a group in active directory?
> Sure need some help on this. The more I read about loopback the more I get
> confused.
> Should I just create a new gp with only the screensaver policy not
> configured and then create a group in active directory and add just the one
> computer.
> Then apply the group to that new screensaver gp?
> 1. gp=screensaver disabled
> 2. group in active directory= screensaver disabled
> group member=ComputerX
> 3. change security filter to only=screensaver disabled group
> 4. link to restricted gp
> --or is this the hard way to do it?
> Thanks for any help clarifying the ou structure. I did not want to get into
> having a lot of gp's. I prefer having one main one.
> Sher

