Re: Apply User Settings only when using specific Computers




"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC3D8FA4-CDA2-4CEE-AE5E-45D27C4393F2@xxxxxxxxxxxxxxxx

--
Dragos CAMARA
MCSA Windows 2003 server


"Yuppie" wrote:

On Aug 9, 11:40 pm, "Roger Abell [MVP]" <mvpNoS...@xxxxxxx> wrote:
"Yuppie" <xje...@xxxxxxxxx> wrote in message

news:1186680278.340642.95860@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx





So, I am thinking the issue is all in what you mean by "specified
the scope".

Probably.

In a more normal case, one links the loopback GPO to the OU
containing the machines where this should happen.

I believe I have done this. In the GPO Settings on the Scope tab
under Security Filter "The settings in this GPO can only be applied
to the following groups, users, and computers" I have specified one
machine for testing.

Then when editing the policy, I have changed Computer
Configuration | Administrative Templates | System/Group Policy | User
Group Policy loopback processing mode (enabled - merge) and specified
a logon script under User Configuration.

Is this the proper way to set up the GPO to accomplish what I set out
to do?

No. The computers that are to process the GPO and so see that it
is a loopback policy, and then also the user accounts that are to
have the GPO processed in loopback for them need to be in the
security group filtering.

Something seems wrong. With only the computer specified in the
Scope, the script does not run. When "Domain Users" and the computer are
specified, the script runs, but it also runs on computers other than
my test machine.

That part I do not understand. I mean, I do see how that lets the
loopback processing happen for users, but I do not see why that
causes it to apply with other computers (unless someone has
modified the membership of Domain Users). Computer accounts
are in Domain Computers and user accounts in Domain Users, so
adding Domain Users causing other computers to use the GPO
otherwise (than DU membership having been altered) does not
make sense to me.

Roger

I think the problem now is link order and precedence. I recently
discovered creating OUs and putting GPOs in OUs. So my setup is
like this:

Domain:
-Default Domain Policy GPO
-Greenview OU
--Greenview GPO (where script, loopback is set up, etc.)

When logging on to the test machine and running rsop.msc, the
Greenview GPO settings are not applied. The GPO is Enforced, Enabled
and Link Enabled. The Group Policy Inheritance is 1 Default Domain
Policy, 2 Greenview GPO.


It's OK, move the test machine to the Greenview OU and run a gpupdate /force.
The users don't have to be in the Greenview OU.

I think poster's issue is not getting it to work on the intended machine,
as it is said all works if Domain Users has grant to read/apply.
Rather, poster's problem is that when there is a Domain Users grant
the GPO gets applied by other machines (or else I read posts wrong).
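
The points debated in this thread (who is in the GPO's security filtering, which GPOs reach the test machine's OU, and whether loopback is set) can be read back from the domain with a read-only audit. This is an added example, not something posted by anyone in the thread; it assumes the RSAT GroupPolicy and ActiveDirectory modules, and `TESTPC01` is a placeholder for the test machine's name.

```powershell
# Added example: read-only audit of a loopback GPO's filtering and link scope.
# Needs the GroupPolicy and ActiveDirectory modules (RSAT) in a domain session.
Import-Module GroupPolicy, ActiveDirectory

$GpoName      = 'Greenview GPO'   # GPO name as given in the thread
$ComputerName = 'TESTPC01'        # placeholder: name of the test machine

# 1. Trustees holding "Apply group policy" (the Security Filtering list).
$appliers = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' }
$appliers | ForEach-Object {
    [pscustomobject]@{ Trustee = $_.Trustee.Name; Type = $_.Trustee.SidType }
} | Format-Table -AutoSize

# 2. Is the test computer covered, directly or via a group it is a direct
#    member of? 'Authenticated Users' covers every computer and user account.
$computer   = Get-ADComputer -Identity $ComputerName
$groupNames = @(Get-ADPrincipalGroupMembership -Identity $computer |
    Select-Object -ExpandProperty Name)
$candidates = @($computer.SamAccountName, 'Authenticated Users') + $groupNames
$matching   = $appliers | Where-Object { $candidates -contains $_.Trustee.Name }
if ($matching) {
    "Computer may apply the GPO via: $($matching.Trustee.Name -join ', ')"
} else {
    "Computer is NOT covered by the GPO's security filtering"
}

# 3. GPOs in effect at the computer's parent OU, with link state and precedence.
#    (Fails if the computer sits in a plain container, which cannot hold links.)
$ou = $computer.DistinguishedName -replace '^CN=[^,]+,', ''
(Get-GPInheritance -Target $ou).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced | Format-Table -AutoSize

# 4. Loopback mode stored in the GPO: 1 = merge, 2 = replace.
#    The cmdlet raises an error if the setting is not configured in this GPO.
Get-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' | Select-Object ValueName, Value
```

Running step 3 against the OU of a machine that should not receive the script shows whether the GPO reaches it through inheritance at all.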

