Windows Server 2008 R2 thread (Technical): in a bit of a muddle with policies
  1. #1

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    11

    in a bit of a muddle with policies

    Hi all,

    I'm trying to apply a policy to all curriculum workstations for all staff users.
    In the past students were locked down with a student lockdown policy linked to the students container, but I can't necessarily do this with staff as I don't want it to apply to staff laptops (basically want to keep curric machines clean and tidy).

    I've tried all sorts of things and can't seem to find the right combination.

    I have a test staff account and I can get my policy to work if I apply it to the staff container and then add this one user to security filtering, but this affects ALL computers....I just want curric machines...

    help!

  2. #2

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,678
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    Could you put the Curric machines into an OU? For example I have a "School Computers" OU then subcontainers for each department and a separate "Other" OU?

  3. #3

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    We already do, have a Curric machines OU with subfolders for each classroom and a separate OU for staff laptops, but if I assign the policy to the curriculum machines container and run gpresult /v it says the policy is disabled due to security filtering, even though the user is assigned to the policy as well.

    *headaches*

  4. #4

    teejay
    Join Date
    Apr 2008
    Posts
    3,187
    Thank Post
    285
    Thanked 775 Times in 585 Posts
    Rep Power
    336
    If you want to apply it to the computer OU, you either have to set the policy in the Computer Configuration rather than User Configuration of the GPO, or use loopback processing, but if you enable loopback it will affect how other policies are applied.
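
An added example, not part of the thread: one way to enable loopback on a GPO linked to a computer OU with the GroupPolicy PowerShell module that ships with Windows Server 2008 R2. The GPO, OU and group names are hypothetical placeholders, and the GPO is assumed to already exist with its User Configuration settings in place.

```powershell
# Added example: every name below is a hypothetical placeholder.
Import-Module GroupPolicy

$gpoName      = 'Curric Staff Desktop'                     # GPO holding the User Configuration settings
$computerOu   = 'OU=Curric Machines,DC=school,DC=example'  # OU containing the classroom computer accounts
$staffGroup   = 'All Staff'                                # users who should receive the settings
$machineGroup = 'Curric Machines'                          # computers that should turn loopback on

# 1. Loopback is a Computer Configuration policy stored as the UserPolicyMode value.
#    1 = Merge   (the user's own GPOs apply first, then the user settings from
#                 GPOs in scope for the computer are applied on top)
#    2 = Replace (only user settings from GPOs in scope for the computer apply)
$loopbackKey = 'HKLM\Software\Policies\Microsoft\Windows\System'
Set-GPRegistryValue -Name $gpoName -Key $loopbackKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# 2. Security filtering: the computers must apply the GPO to pick up the loopback
#    setting, and the users must apply it to receive its user settings.
#    Authenticated Users is reduced to Read here (a choice made for this example)
#    rather than removed outright.
Set-GPPermission -Name $gpoName -TargetName $machineGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName $staffGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# 3. Link the GPO to the computer OU, not the staff users OU, unless already linked.
$links = (Get-GPInheritance -Target $computerOu).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $gpoName })) {
    New-GPLink -Name $gpoName -Target $computerOu -LinkEnabled Yes | Out-Null
}

# Show what was configured so it can be compared with gpresult output on a client.
Get-GPRegistryValue -Name $gpoName -Key $loopbackKey -ValueName 'UserPolicyMode'
Get-GPPermissions -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

The computer has to refresh its own policy (restart or gpupdate /force) before loopback takes effect for the next user logon.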

  5. #5

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    Hmmm, computer configuration isn't an option really as it's stuff to do with start menus, folder redirection etc. that aren't available under computer configuration.
    How does loopback processing work?

  6. #6

    teejay
    Join Date
    Apr 2008
    Posts
    3,187
    Thank Post
    285
    Thanked 775 Times in 585 Posts
    Rep Power
    336

  7. #7

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    Create a security group and add the machines you want to target as members.
    Create a security group and add the users you want to target as members.
    Under the policy, remove Authenticated Users from Security Filtering, and add the 2 newly created groups.

    This should work if I understand the issue correctly; this is very much how we set our policies.

  8. #8

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    Doesn't seem to work - followed that exactly as you said - have a curric machines security group and an all staff security group, added them both to security filtering and removed authenticated users and then linked the GPO to the Class rooms OU in AD.
    If I log in as a member of staff I get nothing (no changes).
    Tried running group policy modeling and that doesn't seem to apply the changes either.
    *grinds face against wall*

  9. #9

    Join Date
    Dec 2009
    Posts
    270
    Thank Post
    6
    Thanked 33 Times in 31 Posts
    Rep Power
    15
    I assume once you applied the GPO you ran a gpupdate /force? Did this work?
    If you run a gpresult /R does it tell you if the policy is applying? If not, does it give a reason as to why?

  10. #10

    Join Date
    Jul 2009
    Location
    Ryde
    Posts
    118
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    gpupdate /force then gpresult /v
    It comes up under applied group policy objects, but not under the user configuration part - which is where all my changes are... hmmff... couldn't seem to get the loopback thing to work either.

    time to go home!

  11. #11

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    If you are applying changes which are "user" changes but you want them applied to "machines" then you need to set up loopback (and it is a pig ...) *and* do the security settings *and* apply the GPO at the right level.

    You could also look at WMI filters - this makes it easier because you can then say "apply the policy to these users if the machine is a desktop" (but note that the "desktop" detection logic only works well for Vista/Windows 7; there's no good WMI filter for finding desktops in XP [best I've seen is to look at DIMM type; if all your desktops have DIMMs and all your laptops have SODIMMs])
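
An added example, not part of the thread: the two WMI filter ideas from the post above written as WQL, with a small PowerShell helper that runs each query on a machine to see whether a filter carrying it would pass there. The function name and the labels are hypothetical; `PCSystemType = 1` (desktop) and `FormFactor = 8` (DIMM) are the standard values of those WMI properties.

```powershell
# Added example: WQL that a GPO WMI filter could carry (namespace root\CIMv2).
# A WMI filter passes when its query returns at least one object on the target
# machine; a query that fails to run counts as "does not pass".
$filterQueries = @(
    @{ Label = 'Desktop by PCSystemType (Vista / Windows 7 and later)'
       Query = 'SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 1' },
    @{ Label = 'Desktop by memory form factor (XP fallback, DIMM = 8, SODIMM = 12)'
       Query = 'SELECT * FROM Win32_PhysicalMemory WHERE FormFactor = 8' }
)

# Hypothetical helper: evaluates one query the way a filter would be evaluated.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory = $true)][string]$Query,
        [string]$ComputerName = '.'
    )
    try {
        $hits = @(Get-WmiObject -Namespace 'root\CIMv2' -Query $Query `
                    -ComputerName $ComputerName -ErrorAction Stop)
        return ($hits.Count -gt 0)
    }
    catch {
        # For example PCSystemType does not exist on XP, so the query is invalid
        # there and the filter would not pass.
        return $false
    }
}

# Run on a sample desktop and a sample laptop before attaching a filter to the GPO.
foreach ($f in $filterQueries) {
    New-Object PSObject -Property @{
        Filter = $f.Label
        Passes = Test-WmiFilterQuery -Query $f.Query
    }
}
```

The DIMM check is only as reliable as the hardware assumption stated in the post, so it is worth running against at least one machine of each model in use.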
