Re: Exchange OWA 2003 Trusted Root Certificate

From: Smurfman (Smurfman_at_discussions.microsoft.com)
Date: 02/15/05


Date: Tue, 15 Feb 2005 10:09:03 -0800

So Steve - back to my original question, since my model is small, it is my
understanding that I can "filter" a particular GPO from the Domain Level to
apply only to specific user groups that I have created. (I base that
statement on Chapter 4 - How Group Policy Works in the Windows 2000 Server
doc, on the Technet CD.)

"Administrators can overcome this problem by organizing users and computers
into security groups, and then using these groups to filter the impact of
Group Policy.

The IT department can create groups based on the tasks that their users
perform, the degree of authority users have to modify their own or other
computers, and the configurations that users need to have. For example, the
IT department could accomplish their goal by creating a security group just
for vice presidents. This can greatly simplify the process of administering
users with disparate configuration and permission requirements. Therefore, in
Figure 4.4, the vice presidents' security group might prevent the domain
level GPO (GPO 2) from applying to vice presidents in the Headquarters and
Marketing OUs. "

Based on that, if I were to create a domain GPO, and filter based on 3 specific
groups to apply, and if in those groups I assigned the computers that were
part of each group...would the Computer Configuration be pushed to the
machines, based on the imported Root Certificate?

Thanks
J

"Steven L Umbach" wrote:

> It is computer configuration which means that the policy is non user
> specific and will apply to all users that logon to that computer. You
> cannot filter computer configuration policy by user but you could for specific
> computers or a global group that computers are a member of. I can't think of
> a work around offhand to have it work for specific users. --- Steve
>
>
> "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
> news:22EC86FC-D478-4A8F-AC42-862FDEA06AE6@microsoft.com...
> > Thanks, so barring adding each computer to the policy where I think a user
> > might log into, would this work: Adding the Computers to the Groups in which
> > the policy is applied to. So that an OU called "Shipping Department" has a
> > group assigned to it called "Shipping". Members of the Shipping group are
> > user1 and user2. A policy is created with Permissions to apply a Trusted
> > Root Certificate to the Shipping Group, which would install the certificate I
> > want but only for those particular users. Am I correct in saying that I
> > should just add the computers that are physically located in the Shipping
> > Department to the group Shipping, so that all Computer Policies are applied
> > to the machine?
> >
> > I kind of thought that the computer policies would apply to the computer
> > that a particular user logged into, not a specific computer? Can we
> > verify this? That link that I included for accomplishing these steps said
> > nothing about adding specific users, in fact it was a Default Domain
> > Policy?
> >
> > Thanks
> >
> > "Steven L Umbach" wrote:
> >
> >> That policy is "computer configuration". You will have to have that policy
> >> apply to a computer that the user logs onto. For instance if you configured
> >> that Group Policy at the OU level, the computer account will need to be in
> >> that OU. --- Steve
> >>
> >>
> >> "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
> >> news:2B70371B-B70B-43AE-86B5-0DCBEFF34E85@microsoft.com...
> >> > I am looking to attach a certificate to a GPO, under the Trusted Root
> >> > Certificates so that specific users on the network who access the Secure
> >> > (https) Outlook Web Agent 2003, will already have the certificate
> >> > installed, and not have to answer yes to a certificate question each time
> >> > the browser accesses the website on the exchange server.
> >> >
> >> > My attempt has been this, accessed the server and installed the
> >> > certificate, then I exported the certificate as p7b...I then could
> >> > manually go to other machines and import the certificate, but do not want
> >> > to do that over the enterprise.
> >> >
> >> > I created a GPO based on this link:
> >> > "http://www.microsoft.com/windows2000/techinfo/planning/security/catruststeps.asp#heading2"
> >> > I applied the policy only to my test user that I created, yet the
> >> > certificate is never installed as I would have expected it. I suspect
> >> > that I have missed something, but can't put my finger on it.
> >> >
> >> > Any ideas?
> >> > J
> >>
> >>
> >>
>
>
>
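
The rule discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of how the computer half and the user half of a GPO are each checked against a different account. All account, group and domain names are constructed, and the model assumes plain link scope plus security filtering only (no Deny entries, blocked inheritance, enforced links, WMI filters or loopback processing).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:                     # a user or a computer account
    name: str
    ou_path: tuple                 # containers from the domain down to the account's OU
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class GPO:
    linked_to: tuple               # container the GPO is linked to
    apply_to: frozenset            # names granted Read + Apply Group Policy
    computer_settings: bool = False
    user_settings: bool = False

def in_scope(gpo, account):
    """Link scope: the account sits at or below the linked container."""
    return account.ou_path[:len(gpo.linked_to)] == gpo.linked_to

def passes_filter(gpo, account):
    """Security filtering: the account, or a group it belongs to, is on the ACL."""
    return bool(gpo.apply_to & (account.groups | {account.name}))

def applied_halves(gpo, user, computer):
    """Which halves of the GPO take effect when `user` logs on to `computer`."""
    halves = set()
    if gpo.computer_settings and in_scope(gpo, computer) and passes_filter(gpo, computer):
        halves.add("computer")     # evaluated against the computer account only
    if gpo.user_settings and in_scope(gpo, user) and passes_filter(gpo, user):
        halves.add("user")         # evaluated against the user account only
    return halves

# Constructed sample directory (all names are made up for illustration).
DOMAIN = ("example.local",)
SHIPPING_OU = DOMAIN + ("Shipping Department",)

def root_cert_gpo(*apply_to):
    """Domain-level GPO carrying only the trusted-root (computer) setting."""
    return GPO(DOMAIN, frozenset(apply_to), computer_settings=True)

user1 = Account("user1", SHIPPING_OU, frozenset({"Shipping"}))
visitor = Account("user9", DOMAIN + ("Marketing",))
pc_plain = Account("SHIP-PC1$", SHIPPING_OU)
pc_grouped = Account("SHIP-PC1$", SHIPPING_OU, frozenset({"Shipping"}))

if __name__ == "__main__":
    print(applied_halves(root_cert_gpo("user1"), user1, pc_plain))       # filtered to a user
    print(applied_halves(root_cert_gpo("Shipping"), user1, pc_plain))    # group holds users only
    print(applied_halves(root_cert_gpo("Shipping"), visitor, pc_grouped))  # computer in group
```

Only the last case yields the computer half, and it does so for any user who logs on to that machine, including one outside the Shipping group.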


