RE: GPO for one machine

From: Martin, Olivier (olivier.martin_at_ccq.org)
Date: 09/10/03

  • Next message: Arik Fletcher: "RE: Disabling sharing and group policies" 
    Date: Wed, 10 Sep 2003 12:30:52 -0400
To: "Jeremy Rodriguez" <jeremyrodriguez@cmsmechanical.com>, "Focus-Ms" <focus-ms@securityfocus.com>

    Hi,

    Provided that this is a user GPO, explicitly deny the apply GPO permission to
    the administrators group on this object should make such that they don't get
    this setting applied.

    Hope this helps !

    Olivier

    -----Message d'origine-----
    De : Jeremy Rodriguez [mailto:jeremyrodriguez@cmsmechanical.com]
    Envoyé : Tuesday, September 09, 2003 2:35 PM
    À : Focus-Ms
    Objet : GPO for one machine

    I have one machine setup with Terminal Server. I have setup a limited
    desktop using a policy (GPO). I want to be able to have domain admins login
    and get all menus/programs, while the rest of the users get the limited
    desktop. As I have it now whenever anyone logs in to the box they all get
    the limited desktop no matter if they are a domain admin. How do I fix this?
    I have set it up so it only applies to this machine (loopback) and the
    domain admins security box is set not to apply group policy.

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security
    Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------

  • Next message: Arik Fletcher: "RE: Disabling sharing and group policies"

    Relevant Pages

    • Re: Why Programs get written to need admin priveleges.
      ... >>Why administrators must pesuade some applications to run with ... >>firewall security suite that prevent Web applications ... >>common form of online exploitation. ... >>Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • Re: focus-ms@securityfocus.com
      ... local password caching need never be to a local file on a ... ticket issued Kerberose must use some sort of credential caching. ... > firewall security suite that prevent Web applications attacks, ...
      (Focus-Microsoft)
    • RE: Patch testing
      ... If you don't have mirrored disk capabilities - use Norton Ghost to snap an ... image of the system partition on the server before patching. ... > firewall security suite that prevent Web applications ... > whitepaper on Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • RE: Limiting users on secific machines that are part of a domain
      ... firewall security suite that prevent Web applications attacks, ... common form of online exploitation. ... Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • RE: Patch testing
      ... Just a thought, use mirrored disks, then before installing the patch ... Removable harddrives (if you can afford server downtime): ... firewall security suite that prevent Web applications attacks, ... Policy Automation for Web Applications. ...
      (Focus-Microsoft)