Re: Active directory Group Policy (Win2k)

Roger,

Thanks for the pointer, that is obviously the way to go forward. However, the mechanics of it are a little 'peculiar' I will cite some examples.

When I enforce the policy onto the computers in the new OU, it breaks some of the common security settings (e.g. it drops the logon banner, it no longer clears the last username)

Additionally, the settings are now forced onto users that are NOT in the restricted user group, i.e. Domain Admins so the Domain Admins cannot view the 'C' drive, cannot run a command prompt.

I appreciate that I am new to this particular aspect of GPOs and it may be a stteper learning curve than I expected. Do you have any pointers to a useful resource online that covers implementation, rather than one that just states how to enable loopback processing?

Once again, many thanks,

Bogwitch.

Roger Abell [MVP] wrote:
You should research the use of "loopback processing" and
consider using this for a GPO linked to the OU holding the
Office capable machines, which same GPO could be left
at the default security group filtering (i.e. Authenticated
Users) so that it would affect any users logging into the
Office enabled machines.

"Bogwitch" <Bogwitch@xxxxxxxxxxxxxxxxxxx> wrote in message news:45ae151e$0$4755$88260bb3@xxxxxxxxxxxxxxxxxxxx
All,

We have a strong AD GP enforced, removing all common items from the users desktop and start menu.

We have a requirement to allow users, when logged on to certain workstations, to access Microsoft Office. Office is NOT installed on the other workstations.

We can give users access to the menu items by removing the group policy but this then gives all users greater access than required on other workstations.

I have created a new container for the Office loaded workstations but the users will be picking up group policy from the Users container as these users are free to log on to whatever workstation they please but are restricted to using office on only a few.

Is there a setting within Group Policy Manager that I can set that will allow access to a few shortcuts for Office apps without compromising the security of the systems in use?

TIA,

Bogwitch.

--
Posted via a free Usenet account from http://www.teranews.com




--
Posted via a free Usenet account from http://www.teranews.com

.

Relevant Pages

  • Re: Active directory Group Policy (Win2k)
    ... Office capable machines, which same GPO could be left ... workstations, to access Microsoft Office. ... We can give users access to the menu items by removing the group policy ... Posted via a free Usenet account from http://www.teranews.com ...
    (microsoft.public.security)
  • Re: PPTP misery
    ... Domain PCs away from domain will not VPN. ... I am going to do what you ask re Firewall & Policy because I value your ... The only real difference between the domain workstations and the ... YourDomain.local> Group Policy Objects. ...
    (microsoft.public.windows.server.sbs)
  • RE: Require Network login?
    ... In GPMC.MSC, use Group Policy Result wizard, generate a report with the ... Open Server Management, navigate to Advanced Management, Group Policy ... >>5 Windows XP Professional Workstations ... >>2 printers use print server and 1 printer connect to one workstation ...
    (microsoft.public.windows.server.sbs)
  • Re: An interesting question, open to discuss
    ... The suggested use of Ghost makes sense, as I thought RIS with Win2000 was ... some way, e.g. through Group Policy, SMS, Novell Application Launcher / ... > Each night you would reimage the workstations and use a SID changer to ... > have all the workstations with different SIDs. ...
    (microsoft.public.win2000.security)
  • Re: Problems creating a domain level group policy
    ... > I am trying to create a domain-level group policy that prevents the last ... I have downloaded the GPMC and installed it on the server. ... Name the GPO "LastUserNotDisplayed" and click OK ... > not on the workstations. ...
    (microsoft.public.windows.server.active_directory)