+ Post New Thread
Results 1 to 7 of 7
Windows Server 2008 R2 Thread, Group policy user config in Technical; If I make a Group policy and in the settings tab there is no settings defined in the computer config ...
  1. #1

    Join Date
    Jul 2010
    Posts
    547
    Thank Post
    65
    Thanked 21 Times in 18 Posts
    Rep Power
    13

    Group policy user config

    If I make a Group policy and in the settings tab there is no settings defined in the computer config but in the user config is where I have settings applied.

    In the scope section should this be applied to computers or users? or does it not matter?

    Hope this makes sense

  2. #2
    detjo's Avatar
    Join Date
    Feb 2008
    Posts
    355
    Thank Post
    13
    Thanked 47 Times in 39 Posts
    Rep Power
    31
    Users, and computer settings applies to computers. Otherwise it doesnt apply the policy (unless you're using loopback)

  3. #3

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,833
    Thank Post
    840
    Thanked 1,399 Times in 962 Posts
    Blog Entries
    47
    Rep Power
    603
    For reference, if you're setting a User setting on a computer OU (because the options between the two sections are different, but you need to define something by logged on location) you need to go to computer config > admin templates > system > group policy > User group policy loopback processing mode, and set it to merge.

    Setting it to replace means the log on will ignore all user settings defined at a user level and just use the settings defined in that computer GPO. useful if you're setting up a very locked down location.

    All your GPOs with empty sections should have said empty section disabled as well, to speed up processing; on the Details tab of a group policy, change the GPO Status from Enabled to "Computer config disabled" (where you only have settings under User) or "User config disabled" (where you only have settings under Computer). Just makes logons a little bit quicker.

  4. #4

    Join Date
    Jul 2010
    Posts
    547
    Thank Post
    65
    Thanked 21 Times in 18 Posts
    Rep Power
    13
    Ok guys Im so close I can almost taste it.

    Been having a poke about in regedit and my problem is in current users > software > office >14 > common > vbaoff (1)
    and in local machine > software > office >14 >common >vbaoff (1)

    if im an admin i can go in and turn them both to 0 and problem solved.
    if im a normal user ( i have allowed access to regedit for this) i can only update the current user when i go to local machine and try to change i get an error

    I have now got a group policy that uses the admin templates so
    computer config > policies > admin templates > microsoft office 2010(machine) >disable VBA for Office > disabled (needs to be disabled to enable it, well done microsoft)
    and user config > policies . admin templates > microsoft office 2012 > disable vba for office > disable

    i have given the security filtering to just one test member of staff logging on a computer and goint to regedit it looks like the current user setting has changed but the locam machine setting has not.
    Is there anyway around this?

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,246
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339
    Quote Originally Posted by MattDLEA View Post
    If I make a Group policy and in the settings tab there is no settings defined in the computer config but in the user config is where I have settings applied.

    In the scope section should this be applied to computers or users? or does it not matter?

    Hope this makes sense
    Really depends how your OUs are setup. Generally speaking you'd create an OU labelled Curric, then create sub OUs labelled Users and another called Workstations for example. Typically you'd link your main Curric GPO to Curric, but anything else more specific such as deploying MSIs or other system settings could be linked to the Workstations OU. Hope this makes sense!

  6. #6

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,833
    Thank Post
    840
    Thanked 1,399 Times in 962 Posts
    Blog Entries
    47
    Rep Power
    603
    So you have the settings in a GPO, with something set in both computer config and user config, applied to a computer OU, with security filtering set to a user group?

    If so, then your computer would also need to be a member of said security group. Alternatively, add Domain Computers alongside it.

    If you're still having problems, and you know the reg key you need to set, you could use Group Policy Preferences to set the key (lets you set HKLM and HKCU keys without needing to grant security access to regedit, which you're better off not doing)
    Last edited by sonofsanta; 26th November 2012 at 11:26 AM. Reason: oh god my brain is not awake yet

  7. #7

    Join Date
    Jul 2010
    Posts
    547
    Thank Post
    65
    Thanked 21 Times in 18 Posts
    Rep Power
    13
    Thanks for helping sonofsanta

    correct i have both computer and user config applied in on group policy in the security filtering I have removed authenticated users and have added matt ( test user) and now PC17 which is the computer i have tested it on.

    restarted computer a few times and still no luck with the LM key. i have logged on as admin and done gpupdate /force which but still the value is 1 not 0

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 20
    Last Post: 30th April 2012, 01:26 PM
  2. Using Group Policy to allow a user to install software
    By kaphc in forum Windows Server 2000/2003
    Replies: 3
    Last Post: 16th December 2009, 08:37 PM
  3. Group Policy - Set User Desktops and Start Menu's
    By Iain.Faulkner in forum Windows Server 2008
    Replies: 12
    Last Post: 7th September 2009, 10:36 PM
  4. Replies: 1
    Last Post: 17th April 2008, 04:44 PM
  5. Replies: 4
    Last Post: 12th July 2007, 08:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •