Windows Thread, security filtering on group policies. in Technical; In an OU I'm trying to apply a policy to only a few computers.
I've created a security group in ...
15th July 2008, 01:18 PM #1
security filtering on group policies.
In an OU I'm trying to apply a policy to only a few computers.
I've created a security group in AD and added the 2 computers to it
In GPM for the policy in question I removed the defaults on security filtering and added the above security group.
when I use group policy modelling with 1 of these computers, it comes up as access denied (security filtering)
I'm wondering if this is something to do with the fact this is a loopback policy.
Do I need to add a user group to the security filtering too?
with a computer and a user group in security filtering does this turn into a both have to be satisfied situation?
15th July 2008, 01:29 PM #2
Yes, if it's loopback then you want to filter based on user/group membership rather than machine accounts.
Originally Posted by browolf
15th July 2008, 02:05 PM #3
In that case it needs to be both. ie all pupils on 2 machines.
15th July 2008, 05:26 PM #4
ok that works but something else now
I've got 2 loopback policies. The one mentioned above is called
localised start menus (restricted)
I need it to "overwrite" a different loopbakl policy called
except it isnt doing. is there a way for the start menu one to gain more importance?
16th July 2008, 11:57 AM #5
In the GPMC - navigate to the OU where the policies are applied.
Click that OU and then click 'Linked Group Policy Objects'.
I believe that the higher the link order - the more precedence the policy is given, but I may be mistaken.
Unfortunately I can't help you all that much more as the image you supplied is very small and it's tough to actually see it.
16th July 2008, 12:21 PM #6
it was full size when i uploaded it....
i've got it working by putting the one i want to take precedencee slightly deeper into the AD. the further in they are the more they take precedence.
6th August 2008, 09:56 PM #7
Im having the same problem here....
It is our terminal server and as we have Loopback enabled all the user settings are effecting admins also...
I just want the "terminalservices_users" GP to be applied to the staff...
So i thought, easy just use the "security Filtering" and remove "auth users" and put in the staff group (just teachers)
but when i run the group policy results tool for a user in the staff group i get:
In the post above it says you also need a computer account, but this is the only PC they will ever log into as it is our terminal server, if i aslo add our TS1 server in the policy filtering then it applies the policy to anyone including admins....
Anyone please got any ideas?
Last edited by burgemaster; 6th August 2008 at 10:02 PM.
6th August 2008, 10:23 PM #8
I've just setup up our loopback policy not to apply to admins when they log on to our terminal servers. I did it by specifically denying the Enterprise Admins group the right to apply the policy
Originally Posted by burgemaster
In GPMC click on your loopback gpo, select the delegation tab, click the advanced button, select deny apply group policy against your Enterprise Admins, Domain Admins or whatever security group your using.
Then it won't apply the loopback policy to members of that group.
6th August 2008, 11:18 PM #9
thanks for the reply mate...
I will try that now
Last edited by burgemaster; 6th August 2008 at 11:20 PM.
Last Post: 27th January 2011, 01:06 PM
By cjohnsonuk in forum Windows
Last Post: 16th April 2008, 04:02 PM
By Andie in forum Wireless Networks
Last Post: 18th March 2008, 03:58 PM
By e_g_r in forum Windows
Last Post: 25th August 2006, 10:12 AM
By mullet_man in forum Wireless Networks
Last Post: 12th January 2006, 03:42 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)