AD, GPO, WMI - In relation to blocking inheritance in GPMC
Bear with me as I'll try to explain fully so people could possibly give an alternative method.
I'm just about to deploy Lanview via GPO. The structure of AD is such that the teacher's machine is in a separate OU, but within the room's OU:
ICT Rooms¬
---------------R46¬
---------------------Teacher
---------------R47¬
---------------------Teacher
When I made it this way I thought I'd be alright as "anything I want to deploy to the kids I'm sure I'll want on the teacher's machine" - how wrong was I :doh:
Problem is, with this structure, when I deploy the Lanview Client it will go on the teacher's machine - this I don't want, as if she knocks the kids' internet off, it will also knock hers off! Oops!
I could restructure AD, but tbh this would be a bit of a pain to do while Live.
I could stop inheritance of GPOs, but that would mean I'd have to link all other GPOs directly, or enforce them, but this kills that option for the time when I *really* need to use "enforce/block inheritance".
WMI filters?????? Never even looked at them at all so... Can I adapt one for my purpose? And how would I achieve it? Any guides/pointers? :beer:
Or any other ideas?
Re: AD, GPO, WMI - In relation to blocking inheritance in GPMC
I've never used them either, sorry, but I will say that here if a room's internet goes off, it's off for the teacher as well, only fair! lol
Re: AD, GPO, WMI - In relation to blocking inheritance in GPMC
Use a security filter.
1. Make a domain group called 'Teachers PCs', add all the computer accounts to this group.
2. Create your GPO in the GPMC and view it.
3. Go to the security filtering section and remove the 'Authenticated Users' filter.
4. Add your 'Teachers PCs' group as a security filter.
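
The four steps above, scripted with the ActiveDirectory and GroupPolicy PowerShell modules. This is an added example, not part of the original post; the GPO name and the distinguished names are placeholders to replace with your own. Whichever group is set as the security filter is the set of computers the GPO applies to.

```powershell
# Added example. $GpoName, $GroupOU and $RoomsOU are placeholders (assumptions),
# not values taken from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$GpoName   = 'Example Software Deployment'        # hypothetical GPO name
$GroupName = 'Teachers PCs'                       # group name from step 1
$GroupOU   = 'OU=Groups,DC=example,DC=local'      # placeholder DN
$RoomsOU   = 'OU=ICT Rooms,DC=example,DC=local'   # placeholder DN

# Step 1: create the domain group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global `
                -GroupCategory Security -Path $GroupOU
}

# Collect the computer accounts that sit directly in a 'Teacher' OU
# anywhere below the rooms OU (the layout shown in the first post).
$teacherPCs = Get-ADComputer -Filter * -SearchBase $RoomsOU -SearchScope Subtree |
    Where-Object { $_.DistinguishedName -match '^CN=[^,]+,OU=Teacher,' }

# Add only the accounts that are not already members.
$existing = @(Get-ADGroupMember -Identity $GroupName |
    Select-Object -ExpandProperty DistinguishedName)
$toAdd = @($teacherPCs | Where-Object { $existing -notcontains $_.DistinguishedName })
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $GroupName -Members $toAdd
}

# Step 2: make sure the GPO exists (stops here with an error if it does not).
$null = Get-GPO -Name $GpoName -ErrorAction Stop

# Step 3: remove 'Authenticated Users' from the GPO's security filtering.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
                 -TargetType Group -PermissionLevel None -Replace

# Step 4: grant the group Read + Apply, which makes it the security filter.
Set-GPPermission -Name $GpoName -TargetName $GroupName `
                 -TargetType Group -PermissionLevel GpoApply

# Check the result: list every trustee and its permission on the GPO.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

A computer only picks up a new group membership after it restarts, so the filter takes effect at the next boot of each machine.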
Re: AD, GPO, WMI - In relation to blocking inheritance in GPMC
How many posts are you making, Geoff, lol?
Re: AD, GPO, WMI - In relation to blocking inheritance in GPMC
You could create 2 sub-OUs ... teacher and classroom. You then apply the GPO for the LANview install to just the classroom OU.
Re: AD, GPO, WMI - In relation to blocking inheritance in GP
Would a quick fix be to simply remove the "teachers" group from read permissions of the file that the script is pointing at? May get a little error but assuming they already have a group this seems like a quick way to prevent them from having it installed.
Re: AD, GPO, WMI - In relation to blocking inheritance in GP
Cheers people. You know sometimes I overcomplicate things...
If I were to create another OU and move the pupil PCs in, would the software redeploy? Or would it just leave as is?
Re: AD, GPO, WMI - In relation to blocking inheritance in GP
Only just spotted this - so I apologise. I know it's probably too late.
No need to change your AD in any way.
Carry on as you are. LanView 3 has the ability to ignore certain users. Add the teacher/s to the ignored user's group and they will never have the web banned.
In the same manner - if a pupil logs on to the teacher's PC, their internet will be banned. This would be the problem by using AD Block inheritance.