Re: Group Police Question !
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/09/04
- Next message: Ken Yu: "Re: Group Police Question !"
- Previous message: Ken Yu: "Re: Group Police Question !"
- In reply to: Ken Yu: "Re: Group Police Question !"
- Next in thread: Ken Yu: "Re: Group Police Question !"
- Reply: Ken Yu: "Re: Group Police Question !"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 8 Nov 2004 20:49:19 -0700
Ken Yu
See if this helps any.
A GPO linked so it will apply to a computer will apply the computer
settings,
and one linked so it will apply to a user will apply the user settings.
So, if the user is an an OU with a GPO that applies users settings,
and the computer in an OU with a GPO that applies computer settings.
The above is not new to you, by what you have posted.
However, this can be altered.
If you link a GPO to the OU with the computer, and set it to do loopback
processing, then you can apply user settings even though the user is
not in the OU. If you use security group filtering in the GPO, then you
can control for which users the loopback GPO will be applied. Finally,
when you define this GPO loopback processing you can state whether
it will merge with or replace earlier applied user settings.
http://support.microsoft.com/?id=231287
So, in your case, you would likely define a GPO to carry the "normal"
policies for users and computers, perhaps linking this at the domain
level, and then on the OU that holds the public access machine link
another GPO the applies computer settings, and is set to do loopback
processing and apply the alternate user settings.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCDBA, MCSE W2k3+W2k+Nt4 "Ken Yu" <none@none.com> wrote in message news:O6tGsxfxEHA.1396@tk2msftngp13.phx.gbl... > Mike, > > My case is, I have one Workstation ( for Public use ) for All internal > user access, when our user using his > account to login this Workstation will apply Group Police #1, and when our > user using his account to login > his Workstation ( each user have one workstation ) will apply Group Police > #2 ! > > Our company have 30 Workstation for each user, but this Workstation ( for > Public use ) is only to run special application, > so may be all user will be access this Workstation to run special > aplication, our company DC Server is using Windows 2000 Server, > i don't want to create specify account for this Workstation ( for Public > use ). > > tks a lot ! > Ken > > > "Miha Pihler" <mihap-news@atlantis.si> > 撰寫於郵件新聞:e1%23e%23FZxEHA.2172@TK2MSFTNGP14.phx.gbl... >> Ken, >> >> Do you know which users will connect to which server or will this be >> random (all users will have access to all servers)? >> >> Mike >> >> "Ken Yu" <none@none.com> wrote in message >> news:%23GGBn%23XxEHA.3276@TK2MSFTNGP15.phx.gbl... >>> Mike, >>> >>> Are this step can apply Group Police ( User Configuration ) or not ? >>> because the Group Police A & B Setting is using ( User >>> Configuration ) not ( Computer Configuration ) ! >>> >>> I tried, User A login to Computer A can't apply Group Police A ( w/ >>> User Configuration ) >>> >>> Tks a Lot >>> Ken >>> >>> >>> "Miha Pihler" <mihap-news@atlantis.si> >>> 撰寫於郵件新聞:uksm$zXxEHA.3024@TK2MSFTNGP14.phx.gbl... >>>> If you will use two OUs then you don't need to set any permissions. As >>>> mentioned you can create two OUs and place computer A in OU A and place >>>> computer B in OU B. Link group policy for PC-A to OU A and link group >>>> policy for PC-B to OU B. >>>> >>>> Mike >>>> >>>> "Ken Yu" <none@none.com> wrote in message >>>> news:%23WUHpaXxEHA.1264@TK2MSFTNGP12.phx.gbl... >>>>> Hi Mike, >>>>> >>>>> Can you tell me how to set the permissions ?? >>>>> >>>>> When User-A login to PC-A will apply Group Police #1. >>>>> When User-A login to PC-B will apply Group Police #2. >>>>> >>>>> How can do that ? >>>>> >>>>> Tks a Lot ! >>>>> Ken >>>>> >>>>> >>>>> "Miha Pihler" <mihap-news@atlantis.si> >>>>> 撰寫於郵件新聞:OenJhmWxEHA.3416@TK2MSFTNGP09.phx.gbl... >>>>>> Hi Ken, >>>>>> >>>>>> You can simply solve this problem if you create two OUs. One for >>>>>> computer A and one for computer B. Apply appropriate Group Policy to >>>>>> appropriate OU. >>>>>> >>>>>> Mike >>>>>> >>>>>> ***** >>>>>> >>>>>> "Ken Yu" <none@none.com> wrote in message >>>>>> news:ukRRyQWxEHA.2040@tk2msftngp13.phx.gbl... >>>>>> Hi, >>>>>> >>>>>> I have one question about Group Police, >>>>>> >>>>>> I want create two different "Group Police" for our user, >>>>>> >>>>>> Group Police #1 ( have Computer & User Police ) : for All User login >>>>>> "PC-A" only. >>>>>> Group Police #2 ( have Computer & User Police ) : for All User login >>>>>> "PC-B" only. >>>>>> >>>>>> Both Group Police have different Setting. >>>>>> >>>>>> I tried to created "OU" to store our "User Account", but i can't >>>>>> specify different "Group Police" for different "PC" ! >>>>>> >>>>>> Please help ? >>>>>> >>>>>> Tks a Lot ! >>>>>> Ken >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
- Next message: Ken Yu: "Re: Group Police Question !"
- Previous message: Ken Yu: "Re: Group Police Question !"
- In reply to: Ken Yu: "Re: Group Police Question !"
- Next in thread: Ken Yu: "Re: Group Police Question !"
- Reply: Ken Yu: "Re: Group Police Question !"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
