Re: Exchange OWA 2003 Trusted Root Certificate
From: Smurfman (Smurfman_at_discussions.microsoft.com)
Date: 02/16/05
- Next message: Roger Abell: "Re: File permissons"
- Previous message: Enno Lenze: "Re: user cannot log off"
- In reply to: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Feb 2005 06:31:04 -0800
Actually that was not the only thing I was trying to accomplish. There are
specific user configurations that I will be performing as well. But my whole
issue was that When I removed Authenticated Users from the default setting
for the Apply of the GPO, the computer configuration was not applied, when I
used this GPO at the domain level, since Domain Computers are a member of
Authenticated Users, other GPO's that I made computer config changes to,
worked just fine. Once I modified a group to include the specific computers
that would get this particular config, and applied it to the GPO (filter)
everything worked like a charm.
I do have another question, raised by your comment below. I notice there
are options for the GPO to Disable User or Computer Configuration Settings.
When I have a policy (not this one), that has Authenticated Users as the
default, and I have left this setting as is, but made no comptuer changes -
is it safe to assume that the computer configuration is skipped - or in a
domain of less than 50 users, do I care? Is performance really a concern?
"Paul Adare" wrote:
> In article <gsGdnUQ-Y5-o44_fRVn-og@comcast.com>, in the
> microsoft.public.win2000.security news group, Steven L Umbach <n9rou@n0-
> spam-for-me-comcast.net> says...
>
> > That should work fine with the GPO at the domain level. --- Steve
> >
> > "Smurfman" <Smurfman@discussions.microsoft.com> wrote in message
> > news:A340D0EB-BB20-41E7-8478-42D257B72CBF@microsoft.com...
> > > So for this example, create 2 Global Groups, perhaps one called Mail_Users
> > > and the other Mail_Workstations. Then assign the users and computers to
> > > each
> > > respective group, and use those two groups in the GPO Security settings to
> > > Apply and then what - Assign the GPO to the Domain?. Am I following you
> > > correctly?
> >
>
> If all the OP is trying to do here is to push the required root
> certificate out however, there is no need for the Mail_Users group at
> all. Since the Public Key policy settings are in the Computer
> Configuration section of the GPO, that section will _never_ be processed
> by user. Giving them permissions on a GPO that they will never process
> doesn't accomplish anything. In fact, as a best practice, if a GPO
> contains _only_ user or _only_ computer settings processing of the empty
> section of the GPO should be disabled for performance reasons. No point
> processing a GPO that doesn't contain settings that will be applied.
>
> --
> Paul Adare
> "On two occasions, I have been asked [by members of Parliament],
> 'Pray, Mr. Babbage, if you put into the machine wrong figures,
> will the right answers come out?' I am not able to rightly apprehend
> the kind of confusion of ideas that could provoke such a question."
> -- Charles Babbage (1791-1871)
>
- Next message: Roger Abell: "Re: File permissons"
- Previous message: Enno Lenze: "Re: user cannot log off"
- In reply to: Paul Adare: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Next in thread: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Reply: Steven L Umbach: "Re: Exchange OWA 2003 Trusted Root Certificate"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
