Re: Assigning and application to selected users on selected comput

Hi Bob,

Have you any questions?

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| Thread-Topic: Assigning and application to selected users on selected
comput
| thread-index: AcekYkdjC/7dysE7Ts2yirVFHxXjUA==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?Qm9iVw==?= <Osm3um@xxxxxxxxxxxxxx>
| References: <A2C47C7F-F374-4E8E-AB67-7AD60B522FC4@xxxxxxxxxxxxx>
<unmht9roHHA.4900@xxxxxxxxxxxxxxxxxxxx>
<1D3125D8-D72D-4FF1-97F6-352C40AF34FA@xxxxxxxxxxxxx>
<eIgWnA$oHHA.1852@xxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Assigning and application to selected users on selected
comput
| Date: Fri, 1 Jun 2007 08:34:01 -0700
| Lines: 56
| Message-ID: <7B8F11CC-1B02-413B-91E5-6314FCCD432A@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.group_policy
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.group_policy:3746
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.group_policy
|
| Thank you for your time,
| Bob
|
| "Roger Abell [MVP]" wrote:
|
| > "BobW" <Osm3um@xxxxxxxxxxxxxx> wrote in message
| > news:1D3125D8-D72D-4FF1-97F6-352C40AF34FA@xxxxxxxxxxxxxxxx
| > >I always thought that was a "not best practice".
| > >
| >
| > Opinions seem to differ widely on what is / is not a GP best practice,
| > with some agreement on certain points of course. I have never heard
| > use of loopback processing referred to as a poor practice however,
| > and it certainly is sometimes the only way to do some things.
| > This is one of those cases where I at least can think of no other way
| > to do what you have outlined except by use of loopback processing.
| >
| > Many, including myself, recommend avoiding the use of security
| > group filtering, which in this case you could do if the machines that
| > are supposed to show this behavior could all be moved into an OU.
| > Then you would need to either have the loopback GPO apply to all
| > users logging into those machines (i.e. leave the GPO as default
| > application to Authenticated Users) or you would still need to alter
| > the security group filtering (to limit it down to the intended users,
| > but doing this would remove apply grants for computers so you
| > would need to add such as Domain Computers).
| >
| > I use an identifier in the GPO name that makes it clear that the GPO
| > is set to do loopback processing (such as a LB in the GPO name),
| > and I recognize the LB GPOs are almost invariably security group
| > filtered.
| >
| > >
| > > "Roger Abell [MVP]" wrote:
| > >
| > >> Consider use of a GPO set to use loopback processing that is
| > >> security group filtered to apply to only those computers and
| > >> those users.
| > >>
| > >>
| > >> "BobW" <Osm3um@xxxxxxxxxxxxxx> wrote in message
| > >> news:A2C47C7F-F374-4E8E-AB67-7AD60B522FC4@xxxxxxxxxxxxxxxx
| > >> >I need to assign an application via GPO to only certain users and
only
| > >> >when
| > >> > they loogn to certain computers. Some of my users roam.
| > >> >
| > >> > What is the best way to do this without creating a separate OU?
| > >> >
| > >> > Thanks,
| > >> > Bob
| > >>
| > >>
| > >>
| >
| >
| >
|

.

Relevant Pages

  • Re: Active Directory Folders
    ... >> I'm certainly not going to discount a book published by Microsoft ... >> replace the computers and users containers created by default and ... Passowords can only be set in a GPO at the ... Laptops ...
    (microsoft.public.windows.server.active_directory)
  • Re: Active Directory Folders
    ... > I'm certainly not going to discount a book published by Microsoft ... > replace the computers and users containers created by default and ... Passowords can only be set in a GPO at the ... Laptops ...
    (microsoft.public.windows.server.active_directory)
  • Re: cant override screen saver policy
    ... Yes, I figured out that using loopback processing was the answer (Ok, I ... > Settings in the User Configuration part of a GPO always apply to User ... > users log on to specific computers, then enable Loopback processing in a GPO ...
    (microsoft.public.win2000.group_policy)
  • Re: Apply User Settings only when using specific Computers
    ... In the GPO Settings on the Scope tab ... Group Policy loopback processing mode and specified ... The computers that are to process the GPO and so see that it ... modified the membership of Domain Users). ...
    (microsoft.public.windows.group_policy)
  • Another GP Loobback Processing Question
    ... I am wanting users under the OU to login to Computer under ... I have tried moving the Loobback GPO directly to the Computers OU, ... loopback processing is not working correctly their either. ...
    (microsoft.public.windows.server.active_directory)