Re: Clarification Needed
- From: Florian Frommherz <florian@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 08 Jan 2007 22:19:07 +0100
Howdie DJ!
DJ wrote:
My objective is to lockdown desktops for users and expempt domain admins from the policy. My plan was to create 2 GPO's one User Level and one Domain Admin GPO. Configure each one as needed and then link to domain. I did notice that when you create a GPO, it automatically adds authenticated users. Is there any problem removing and in line with the above thinking, add domain users to the User GPO and domain admins to the Domain Admins GPO.
You can alter the NFTS permissions of the Group Policies by accessing the tab "Security" at the properties of the Policy. If a group of users shall not apply/overtake a Group Policy, simple add a "Deny Group Policy" permission to the group...
But be sure to document your steps very well since "messing around" with security permissions - also called "security filtering" is a common trap to fall into, as other administrators might not clearly "see" that you altered the default permissions of this Group Policy.
cheers,
Florian
--
Nachwuschsadmin aus dem Süddeutschen/Germany.
eMail: Vorname [bei] frickelsoft [Punkt] net.
blog: http://www.frickelsoft.net/blog.
.
- References:
- Clarification Needed
- From: DJ
- Clarification Needed
- Prev by Date: Re: "Dummies" Documentation for GP setup
- Next by Date: Re: changing wallpaper disabled
- Previous by thread: Clarification Needed
- Next by thread: Re: Clarification Needed
- Index(es):
Relevant Pages
|
Loading
