  1. #1
    browolf

    security filtering on group policies.

    In an OU I'm trying to apply a policy to only a few computers.

    I've created a security group in AD and added the 2 computers to it.

    In GPM for the policy in question I removed the defaults on security filtering and added the above security group.

    When I use group policy modelling with 1 of these computers, it comes up as access denied (security filtering).

    I'm wondering if this is something to do with the fact this is a loopback policy.
    Do I need to add a user group to the security filtering too?

    With a computer and a user group in security filtering, does this turn into a both have to be satisfied situation?

    thx

  2. #2

    Geoff
    Yes, if it's loopback then you want to filter based on user/group membership rather than machine accounts.

  3. #3
    browolf
    In that case it needs to be both, i.e. all pupils on 2 machines.

  4. #4
    browolf
    OK, that works, but something else now.

    I've got 2 loopback policies. The one mentioned above is called
    localised start menus (restricted)

    I need it to "overwrite" a different loopback policy called
    classrooms:loopback

    Except it isn't doing. Is there a way for the start menu one to gain more importance?

  5. #5
    azrael78
    In the GPMC - navigate to the OU where the policies are applied.
    Click that OU and then click 'Linked Group Policy Objects'.

    I believe that the higher the link order - the more precedence the policy is given, but I may be mistaken.

    Unfortunately I can't help you all that much more as the image you supplied is very small and it's tough to actually see it.

    Az

  6. #6
    browolf
    It was full size when I uploaded it....

    I've got it working by putting the one I want to take precedence slightly deeper into the AD. The further in they are, the more they take precedence.

  7. #7

    I'm having the same problem here....
    It is our terminal server and as we have Loopback enabled all the user settings are affecting admins also...
    I just want the "terminalservices_users" GP to be applied to the staff...

    So I thought, easy, just use the "Security Filtering" and remove "auth users" and put in the staff group (just teachers)

    but when I run the group policy results tool for a user in the staff group I get:

    In the post above it says you also need a computer account, but this is the only PC they will ever log into as it is our terminal server. If I also add our TS1 server in the policy filtering then it applies the policy to anyone including admins....

    Anyone please got any ideas?
    Last edited by burgemaster; 6th August 2008 at 09:02 PM.

  8. #8

    I've just set up our loopback policy not to apply to admins when they log on to our terminal servers. I did it by specifically denying the Enterprise Admins group the right to apply the policy.

    In GPMC click on your loopback GPO, select the Delegation tab, click the Advanced button, select deny Apply Group Policy against your Enterprise Admins, Domain Admins or whatever security group you're using.

    Then it won't apply the loopback policy to members of that group.
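
The filtering from post #7 and the deny entry from post #8, scripted in PowerShell as an added example that is not part of the original thread. It assumes the GroupPolicy and ActiveDirectory (RSAT) modules are available; `Staff` is a placeholder group name, and the GPO and admin group names are the ones quoted in the posts.

```powershell
# Added example, not from the thread. Names are assumptions or placeholders.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName    = 'terminalservices_users'   # GPO name quoted in post #7
$ApplyGroup = 'Staff'                    # placeholder: group that should receive the policy
$DenyGroup  = 'Domain Admins'            # group to exempt, as described in post #8

# rightsGuid of the "Apply Group Policy" extended right in the AD schema
$ApplyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

$gpo = Get-GPO -Name $GpoName

# Security filtering: Authenticated Users keep Read only, the staff group gets Read + Apply.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace
Set-GPPermission -Guid $gpo.Id -TargetName $ApplyGroup -TargetType Group `
    -PermissionLevel GpoApply

# Set-GPPermission has no deny level, so the deny ACE is written to the
# ACL of the GPO's Active Directory object (the GPMC "Advanced" dialog edits the same ACL).
$adPath = "AD:\$($gpo.Path)"
$sid    = (Get-ADGroup -Identity $DenyGroup).SID
$acl    = Get-Acl -Path $adPath
$ace    = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
              $sid,
              [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
              [System.Security.AccessControl.AccessControlType]::Deny,
              $ApplyGpoRight)
$acl.AddAccessRule($ace)
Set-Acl -Path $adPath -AclObject $acl

# Review: list every ACE on the GPO that concerns the Apply Group Policy right.
(Get-Acl -Path $adPath).Access |
    Where-Object { $_.ObjectType -eq $ApplyGpoRight } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights
```

The Read-only entry for Authenticated Users lets the terminal server's computer account still read the GPO without applying it to every user. A deny ACE wins over any allow the same account gets through another group, so the final listing is worth keeping as a record of who is exempt.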

  9. #9

    thanks for the reply mate...
    I will try that now
    Last edited by burgemaster; 6th August 2008 at 10:20 PM.
