+ Post New Thread
Results 1 to 3 of 3
Windows Thread, Windows 2003 Server Policies in Technical; Hiya, I'm pretty new to Group Policies and have a slight problem with what I'm setting up. I'm using the ...
  1. #1

    Jawloms's Avatar
    Join Date
    Aug 2007
    Thank Post
    Thanked 105 Times in 73 Posts
    Rep Power

    Windows 2003 Server Policies


    I'm pretty new to Group Policies and have a slight problem with what I'm setting up. I'm using the Group Policy Management Console rather than just the built-in stuff. I want all staff and all pupils to be tied right down on the computer suite PC's but staff to have free roam on their laptops and Administrators to have free roam over everything. I figured the best way to do this is to apply the policy which restricts access to just about everything to the OU containing the suite of computers, so I have done so but I have the following problem;

    When selecting the policy in the left pane and choosing the Scope tab in the right, at the bottom if I only add staff and pupils the policy doesn't apply. Running the Group Policy Results Wizard it says that the policy is inaccessible. I found a couple of websites that say that Domain Admins need to be on any policy otherwise this happens.

    When adding Administrators to the policy, it applies to the Administrators who log in to the PC too despite the fact that under the Delegation tab Domain admins don't have 'Apply policy' checked. Only Staff and Pupils have this checked.

    I've got the loopback processing mode enabled too.

    Can anyone help me get a policy to apply to only apply to my staff and pupils groups on a suite of PC's please? Obviously I can't apply the policy to the OU containing the pupils and then the OU containing the staff too because that would mean the staff would be restricted when they log in on their laptops too.

    Thanks a lot


  2. #2

    Join Date
    Mar 2007
    Thank Post
    Thanked 9 Times in 8 Posts
    Rep Power
    Loopback will apply the user settings regardless of who logs on. If you have applied settings in the computer group you will need to change them when either staff or admin logon to make them "reset" to the original configuration.

    I would have thought that the restrictions you would be setting are the same for all suites of PCs execpt the laptops for staff? If this is the case you could just make the laptops a seperate case and lockdown the rest of computers the same by using the user configuration.

    This has happened to me when I tried to make changes per computer group and found some interesting results with loopback enabled. I ended up making changes to the user groups and logon scripts to make the desired effect.
    Last edited by pallen; 14th March 2008 at 12:04 PM.

  3. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Thank Post
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    What I usually do is create a standard local account on all laptops. This gives staff full access to the laptop and is also suitable for them to use at home for planning etc...

    You can do this from the MMC

+ Post New Thread

Similar Threads

  1. Replies: 8
    Last Post: 22nd February 2008, 12:34 PM
  2. Windows Server 2003 - time server settings
    By CESIL in forum Windows
    Replies: 4
    Last Post: 22nd November 2007, 11:24 AM
  3. Replies: 5
    Last Post: 5th July 2007, 11:43 PM
  4. Windows Server 2003 File Server Resource Manager
    By mrforgetful in forum Windows
    Replies: 1
    Last Post: 17th June 2007, 01:51 PM
  5. MS Windows 2003 Server
    By Gordie in forum Windows
    Replies: 3
    Last Post: 22nd February 2006, 11:50 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts