Re: Group Policy
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 19 Jan 2009 10:30:32 -0500
yba02 <yba02@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
Doing that was excellent. However, I faced a little problem that
needs some workaround.
The TS I want to dispense to users has 2 drives, to which I want to
prevent access. However, I still have to offer the users a shared
folder on either drive.
I'm not sure what that means. Why would you have any data on the TS box
anyway? Your data should be on a file server - the TS box should be nothing
but a terminal server, with no other roles on the network.
I'm still scratching my head till now.
Thanks
Yahya
"Lanwench [MVP - Exchange]" wrote:
yba02 <yba02@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
AD stands for Active Directory, a Windows server infrastructure
where a collection of PCs and servers are controlled from a single
point.
As a matter of fact Lanwench, I should have posted this inquiry in
Windows Server group, as I was actually talking about AD
environment. With AD in effect, how to do that? I tried it on a
member server's GP but it did not allow for user groups exclusions.
Do I have to do it on the DC domain policy management console?
You can edit domain policies from a member server (or a workstation,
even) if you're using an account with sufficient permissions - I'd
use GPMC.
You can use the "deny" checkbox in "apply group policy" for stuff
that shouldn't apply to administrators. That would be useful if you
had, say, a Terminal Server or kiosk machine, and had policies
linked to its OU with loopback processing enabled - so that all
users would get the same settings on that box.
Or, if this isn't a Terminal Services or kiosk box, it would be
better to put your users & computers in different OUs, so that you
can link a "user" policy to your domain user OU (or department OU or
whatnot), and it wouldn't affect your administrators.
Thanks
Yahya
"Lanwench [MVP - Exchange]" wrote:
Twayne <nobody@xxxxxxxxxxxxxxxxxxx> wrote:
yba02 <yba02@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
Running Windows XP SP2.
Is there a way where I can apply group policy
on some users and
exclude other users, such as administrators?
Example, I need to
restrict access to all hard disks on the
machine on members of the
"users" group, while members of
"administrators" group can still
access those HD's.
Any input is highly appreciated.
Thanks
Yahya
Not without AD. In standalone XP & 2k, local
policies are per
machine, not per user. Check out Windows Steady
State or Doug Knox's
XP Security Console (google it) for options.
But it could be done by assigning the users to
user groups, could it not? Some admin, some power
users, etc.? Admins will have access to all, and
others limited as the programmer prefers, right?
What do you mean by "AD"?
Twayne
AD = Active Directory.
Without AD in use, you can't use policies unless you want them to
affect all users per machine - group membership has nothing to do
with it. The word "group" in "group policy" frequently confuses
people :-)
.
- Follow-Ups:
- Re: Group Policy
- From: yba02
- Re: Group Policy
- References:
- Group Policy
- From: yba02
- Re: Group Policy
- From: Lanwench [MVP - Exchange]
- Re: Group Policy
- From: Twayne
- Re: Group Policy
- From: Lanwench [MVP - Exchange]
- Re: Group Policy
- From: yba02
- Re: Group Policy
- From: Lanwench [MVP - Exchange]
- Re: Group Policy
- From: yba02
- Group Policy
- Prev by Date: Re: Group Policy
- Next by Date: Re: Group Policy
- Previous by thread: Re: Group Policy
- Next by thread: Re: Group Policy
- Index(es):
Relevant Pages
|
