Windows Thread, Windows 2003 Server Policies in Technical; Hiya,
I'm pretty new to Group Policies and have a slight problem with what I'm setting up. I'm using the ...
14th March 2008, 11:51 AM #1
Windows 2003 Server Policies
I'm pretty new to Group Policies and have a slight problem with what I'm setting up. I'm using the Group Policy Management Console rather than just the built-in stuff. I want all staff and all pupils to be tied right down on the computer suite PC's but staff to have free roam on their laptops and Administrators to have free roam over everything. I figured the best way to do this is to apply the policy which restricts access to just about everything to the OU containing the suite of computers, so I have done so but I have the following problem;
When selecting the policy in the left pane and choosing the Scope tab in the right, at the bottom if I only add staff and pupils the policy doesn't apply. Running the Group Policy Results Wizard it says that the policy is inaccessible. I found a couple of websites that say that Domain Admins need to be on any policy otherwise this happens.
When adding Administrators to the policy, it applies to the Administrators who log in to the PC too despite the fact that under the Delegation tab Domain admins don't have 'Apply policy' checked. Only Staff and Pupils have this checked.
I've got the loopback processing mode enabled too.
Can anyone help me get a policy to apply to only apply to my staff and pupils groups on a suite of PC's please? Obviously I can't apply the policy to the OU containing the pupils and then the OU containing the staff too because that would mean the staff would be restricted when they log in on their laptops too.
Thanks a lot
IDG Tech News
14th March 2008, 12:01 PM #2
- Rep Power
Loopback will apply the user settings regardless of who logs on. If you have applied settings in the computer group you will need to change them when either staff or admin logon to make them "reset" to the original configuration.
I would have thought that the restrictions you would be setting are the same for all suites of PCs execpt the laptops for staff? If this is the case you could just make the laptops a seperate case and lockdown the rest of computers the same by using the user configuration.
This has happened to me when I tried to make changes per computer group and found some interesting results with loopback enabled. I ended up making changes to the user groups and logon scripts to make the desired effect.
Last edited by pallen; 14th March 2008 at 12:04 PM.
14th March 2008, 12:48 PM #3
What I usually do is create a standard local account on all laptops. This gives staff full access to the laptop and is also suitable for them to use at home for planning etc...
You can do this from the MMC
By Steven in forum Wireless Networks
Last Post: 22nd February 2008, 12:34 PM
By CESIL in forum Windows
Last Post: 22nd November 2007, 11:24 AM
By Zoom7000 in forum Windows
Last Post: 5th July 2007, 11:43 PM
By mrforgetful in forum Windows
Last Post: 17th June 2007, 01:51 PM
By Gordie in forum Windows
Last Post: 22nd February 2006, 11:50 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)