Re: blocked inheritance
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Sep 2005 17:29:01 -0500
OK. I take it that the problem was resolved. Glad to help. --- Steve
"Ian G" <IanG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:95B29E7D-3122-4587-846A-D11FEA3D422D@xxxxxxxxxxxxxxxx
> Steve,
>
> Your a star, thanks.
>
> Ian G
>
>
>
> "Steven L Umbach" wrote:
>
>> Take a look at "security filtering" under the scope tab for the Group
>> Policy
>> under Group Policy objects. That shows what users/groups the GPO applies
>> to
>> which be default is authenticated users. To see and/or change the actual
>> permissions to the GPO [not for delegation] go to the delegation tab and
>> select advanced in the lower right hand corner. Only users/groups that
>> have
>> both read and apply permissions for allow will have the GPO apply to them
>> and kep in mind that a deny permission overrides and allow permission. So
>> if
>> authenticated users have read and apply allow permissions but domain
>> admins
>> has deny permissions for apply then that GPO will not apply to members of
>> the domain admins group. --- Steve
>>
>>
>> "Ian G" <IanG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:6F23E7CD-7DBA-49E0-8617-2DA3FC409951@xxxxxxxxxxxxxxxx
>> > Steve
>> >
>> > Thanks for this, but when i checked, i went to the delegation tab of
>> > the
>> > IT
>> > OU in the GPMC and it states that for the permission "Link GPO's" (the
>> > default drop down) domain admins has allow for this container only with
>> > no
>> > "inherited". When I press the Advanced button and look in the dialog
>> > displayed Domain Admins has Full Control - again what am I missing (I'm
>> > new
>> > to group policy). We're all domain admins in IT at the moment until i
>> > can
>> > push out delegated control (the next task on my list)
>> >
>> > Ian G
>> >
>> >
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> More than likely that means that the user that you are running the
>> >> RSOP
>> >> for
>> >> does not have read and apply permissions for the GPO. Check the
>> >> properties/security of the GPO to see who has read and apply
>> >> permissions
>> >> for allow. --- Steve
>> >>
>> >>
>> >> "Ian G" <IanG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:94E16537-0FE4-4E09-A18F-CA4164103CA4@xxxxxxxxxxxxxxxx
>> >> > I've setup an OU structure replicating the departments in my company
>> >> > and
>> >> > applied a general user GPO to the top level, I've then blocked
>> >> > inheritance
>> >> > and applied an Admin user gpo to this OU. When i do a RSoP it states
>> >> > that
>> >> > no
>> >> > GPO are applied to the IT OU, the ones that i expect to be blocked
>> >> > are
>> >> > Blocked SOM as expected, but the admin GPO is also blocked "Access
>> >> > Denied
>> >> > (Security Filtering)" - what have i missed?
>> >> >
>> >> > Ian G
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
.
- References:
- Re: blocked inheritance
- From: Steven L Umbach
- Re: blocked inheritance
- From: Steven L Umbach
- Re: blocked inheritance
- From: Ian G
- Re: blocked inheritance
- Prev by Date: Re: blocked inheritance
- Next by Date: Allow active content to run in files on My Computer
- Previous by thread: Re: blocked inheritance
- Next by thread: Roaming profiles, Folder Redirection and Offline files
- Index(es):
Relevant Pages
|
