Re: make domain GP not apply to local computer?
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 7 May 2006 22:26:23 -0500
It sounds like the specific setting you talk about is a user right for shut
down the system which is "computer" configuration Group Policy. Group Policy
can be configured so that only authorized users can shut down the TS and
then a different GP can be set for the laptop computers to allow users to
shut down the system. It is usually best to have a TS in a different
Organizational Unit that other domain computers so that it can have it's own
Group Policy linked to the OU and configured as needed for the TS.
For TS often "loopback processing" of Group Policy is used for "user"
configuration in which case the user configuration settings applied to the
GPO for the TS are applied to users logging onto the TS instead of their
normal Group Policy user configuration settings in a merge or replace mode.
The links below explains more on that if that would be helpful and running
rsop.msc on an XP Pro computer or using the Resultant Set of Policy mmc
snapin on Windows 2003 domain controller can show the current Group Policy
settings and what Group Policy is applying them. When running RSOP on a
domain controller in "planning" mode instead of logging mode you can see
what Group Policy settings will apply to a user/computer when loopback
processing is implemented or other scenarios. --- Steve
http://technet2.microsoft.com/WindowsServer/en/Library/274e614e-f515-4b80-b794-fe09b5c21bad1033.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;231287&sd=tech ---
applies to Windows 2003 also
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:dVu7g.21925$YI5.11914@xxxxxxxxxxxxxxxxxxxxxxxxx
In article <OpZyUdicGHA.3352@xxxxxxxxxxxxxxxxxxxx>, newshelper@xxxxxxxxx
says...
Leythos wrote:
I would like to block a domain GP from applying to the local
computer - I have a user that uses T/S for all the needs, except
that they also take a laptop with them - I don't want the GP to
apply when they are using their laptop - any ideas?
Don't want the group policies applying to what? The laptop?
If so - don't join the laptop to the domain.
If to the machine they are remoting into - the GPs are already applied to
it..
Let me explain it better:
User has a laptop that is part of the domain, they will connect to the
network three ways:
1) Cabled to the domain, using resources via their laptop as though it
was a workstation in the network.
2) VPN into the domain from a remote location/hotel, accessing resources
like it was connected to the network directly in the office - slow, but
gives full access to all office/network resources.
3) Local or Remote connection to Terminal Server using Remote Desktop.
The problem, and I'm not the one that set this up, is that if the admin
sets up the GP so that users accessing the T/S server can't shut it
down, then they can't shutdown their local laptops.
I've not had time to connect and look at their GPO settings, so I
thought I would ask here so that I could get a head start for Monday.
--
spam999free@xxxxxxxxxx
remove 999 in order to email me
.
- References:
- Re: make domain GP not apply to local computer?
- From: Shenan Stanley
- Re: make domain GP not apply to local computer?
- Prev by Date: Re: Recurring Spyware
- Next by Date: Re: GP not applied to XP SP2 Clients
- Previous by thread: Re: make domain GP not apply to local computer?
- Next by thread: Re: make domain GP not apply to local computer?
- Index(es):
Relevant Pages
|
