Re: Group Policy???
From: Andrew Mitchell (amitchel_at_removecasey.vic.gov.au)
Date: 03/11/04
- Next message: Herb Martin: "Re: L2TP/IPSec Computer Certificates for non domain computers"
- Previous message: Andrew Mitchell: "Re: Domain Password Policy"
- In reply to: Steven L Umbach: "Re: Group Policy???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Mar 2004 01:53:51 -0800
"Steven L Umbach" <n9rou@nospam-comcast.net> said
> You can restrict users from accessing or changing many display
> properties in Group Policy via user configuration/administrative
> templates/control panel/display. You would have to either put those
> users in their own OU where you would apply those restrictions via a
> GPO for that OU or configure it at the domain level or other common
> level and filter the policy so that it applies to only the users in a
> specific group. See the link below for details on Group Policy
> filtering.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;322176
>
Doing it that way will apply the policy to the users whether they were
logging into the TS server or their own workstations, which I don't think
is the intention.
You want to place the TS servers in their own OU and apply a loopback
policy to this OU. That way, no matter who logs into the machine and what
their user settings are, they will pick up the user settings applied to the
TS server. You would normally want to exclude the domain admins from
picking up this policy though, so deny the Apply Group Policy permission to
the Domain Admins group.
Try here for details
http://support.microsoft.com/support/kb/articles/q231/2/87.asp
Andy.
- Next message: Herb Martin: "Re: L2TP/IPSec Computer Certificates for non domain computers"
- Previous message: Andrew Mitchell: "Re: Domain Password Policy"
- In reply to: Steven L Umbach: "Re: Group Policy???"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
