Re: Exchange OWA 2003 Trusted Root Certificate
From: Smurfman (Smurfman_at_discussions.microsoft.com)
Date: 02/15/05
- Next message: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Previous message: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- In reply to: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Feb 2005 10:37:07 -0800
Not based on this - "The Authenticated Users group includes both users and
computers. " See below. I think I have a pretty good working knowledge of
how this should work, I admit, I don't know it all...but I do know that if a
GPO is created, and the default setting for security and applying that
security is Authenticated Users, then this will in fact apply to the computer.
Give me some credit...
"Security Filtering
Security filtering is a way of refining which users and computers will
receive and apply the settings in a GPO. Using security filtering, you can
narrow the scope of a GPO so that it applies only to a single group, user, or
computer by specifying that only certain security principals within a
container where the GPO is linked apply the GPO. Security filtering
determines whether the GPO as a whole applies to groups, users, or computers;
it cannot be used selectively on different settings within a GPO.
In order for the GPO to apply to a given user or computer, that user or
computer must have both Read and Apply Group Policy (AGP) permissions on the
GPO, either explicitly, or effectively though group membership.
By default, all GPOs have Read and AGP both Allowed for the Authenticated
Users group. The Authenticated Users group includes both users and computers.
This is how all authenticated users receive the settings of a new GPO when it
is applied to an organizational unit, domain or site. Therefore, the default
behavior is for every GPO to apply to every Authenticated User. By default,
Domain Admins, Enterprise Admins, and the local system have full control
permissions, without the Apply Group Policy ACE. However, administrators are
members of Authenticated Users, which means that they will receive the
settings in the GPO by default. "
"Paul Adare" wrote:
> In article <6AAFFDB5-6B9E-4CB5-BE75-9E0FB3938DE4@microsoft.com>, in the
> microsoft.public.win2000.security news group, =?Utf-8?B?U211cmZtYW4=?=
> <Smurfman@discussions.microsoft.com> says...
>
> > By the way, you never answered my original question, rather you attacked how
> > YOU might have done something or how you thought it should have been done.
> >
>
> I didn't attack anything, you're still missing some fundamentals on how
> Group Policy works. For example, setting in the computer configuration
> section of a GPO are not processed when a user account processes a GPO
> and settings in the user configuration section are not processed when a
> computer account processes a GPO.
>
> I strongly suggest that you do some reading up on Group Policy.
>
> Have fun.
>
> --
> Paul Adare
> "On two occasions, I have been asked [by members of Parliament],
> 'Pray, Mr. Babbage, if you put into the machine wrong figures,
> will the right answers come out?' I am not able to rightly apprehend
> the kind of confusion of ideas that could provoke such a question."
> -- Charles Babbage (1791-1871)
>
- Next message: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Previous message: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- In reply to: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
