Re: group policy question

From: David Y. Ng (dng_at_cmhsweb.org)
Date: 10/20/03

    Date: Mon, 20 Oct 2003 16:33:38 -0400
    To: Jannie Hanekom <j_hanekom@hotmail.com>, focus-ms@securityfocus.com
    
    

    First, thanks to Jannie and all those who replied.

    >Now comes the tricky part - you will have to create a group of users which
    >should NOT receive the setting. Add this group to the ACL for the GPO
    >above, and set the tickbox to deny "Apply Group Policy". Since deny takes
    >precedence over allow, it is not possible to deny "Apply Group Policy" to
    >Authenticated Users, as this will override the setting for the computer
    >account as well, causing the computer to overlook the policy during
    >application and therefore not apply the Loopback portion of it when a user
    >logs on.
    >
    >
    The server that I would like to have those special GP for special users
    is a Terminal Server.
    The only people allowed to log in to that TS belong to a special group,
    so Apply Group Policy on that special group should do the trick.
    (Authenticated Users unchecked)

    But is there a quick way to do what you mentioned in that paragraph above?
    Something like an ALL users except .........

    Someone on the list also told me that Windows Server 2003 can do this more
    efficiently. I have a Windows 2003 license but I opted to install the 2000
    version mainly because most new releases from MS have lots of bugs to begin
    with. I could be wrong with this release though.
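
The filtering behaviour described in the quoted paragraph, as an added example that is not part of the original message: a simplified Python model of the "Apply Group Policy" check. The account and group names are constructed, and the model assumes only that one right (the Read permission is left out).

```python
# Simplified model of GPO security filtering with loopback.
# Added example; all account and group names below are constructed.
from dataclasses import dataclass

APPLY = "Apply Group Policy"


@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # group or account the entry names
    right: str = APPLY


def can_apply(token_groups, acl):
    """A matching deny entry wins over any matching allow entry."""
    matching = [a for a in acl if a.right == APPLY and a.trustee in token_groups]
    if any(a.kind == "deny" for a in matching):
        return False
    return any(a.kind == "allow" for a in matching)


def loopback_outcome(user_groups, computer_groups, acl):
    """The computer must process the GPO before loopback can take effect;
    only then is the logged-on user checked against the same ACL."""
    if not can_apply(computer_groups, acl):
        return "computer skips GPO: loopback never enabled"
    if not can_apply(user_groups, acl):
        return "user filtered out: settings not applied"
    return "settings applied"


# Constructed principals: a computer account is itself an Authenticated User.
TS_COMPUTER = {"TS01$", "Authenticated Users", "Domain Computers"}
ORDINARY = {"alice", "Authenticated Users", "Domain Users"}
EXEMPT = {"bob", "Authenticated Users", "Domain Users", "GPO-Exempt"}

# Deny placed on a dedicated exemption group: works as intended.
ACL_DENY_GROUP = [Ace("allow", "Authenticated Users"), Ace("deny", "GPO-Exempt")]
# Deny placed on Authenticated Users: also catches the computer account.
ACL_DENY_AUTH = [Ace("allow", "Authenticated Users"),
                 Ace("deny", "Authenticated Users")]

if __name__ == "__main__":
    for name, acl in (("deny GPO-Exempt", ACL_DENY_GROUP),
                      ("deny Authenticated Users", ACL_DENY_AUTH)):
        for who, groups in (("alice", ORDINARY), ("bob", EXEMPT)):
            print(name, "|", who, "->", loopback_outcome(groups, TS_COMPUTER, acl))
```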


