?
Solved

Administrator GPO Loopback Problem

Posted on 2004-08-21
5
Medium Priority
?
592 Views
Last Modified: 2010-04-19
I have an OU that contains "Kiosk" type computers where many users (students) will be logging in, as well as to their own
personal PC's on my domain.
So I have created very restrictive GPO's on the Kiosk OU that takes away just about everything you can take away on a Desktop.
I use the "Loopback" feature on the Kiosk OU, so that when they log onto their personal laptops elsewhere in the school they are not locked down.

My problem is now that when I go to any PC contained in the Kiosk OU and attempt to login with the "Adminsitrator" account,
I get the same restrickted desktop as the students.

How do I prevent a GPO Loopback from Applying to Administrator account?
Perhaps this isn't the exact right approach to solving the problem... but you understand the ultimate goal.

I want the Administrator to be unrestricted when I log in.

I have tried to remove the Domain Admin group from the "Delegation" tab in the Group Policy Management Console for
the obove mentioned GPO with no success.

Any assistance is greatly appreciated!
0
Comment
Question by:manogue
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
mdiglio earned 2000 total points
ID: 11862683
Hello,
The Domain Admin group is still being affected
because they are receiving the policy through the Authenticated Users group.
 
From the delegation tab within the group policy management console
click the advanced tab. From the Security Settings box you will need
to deny the Domain Admin group 'apply group policy' and 'read'

It is perfectly acceptable to use deny when using group policy
In case you are worried about the deny part of the soultion here is a link for some comfort:
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/filter.htm

Hope this helps!
0
 

Author Comment

by:manogue
ID: 11875671
Okay... I did what you said... now I cannont administer that policy at all.

0
 
LVL 16

Expert Comment

by:mdiglio
ID: 11876097
Hi manogue,

I followed the same steps and received the same results as you did.
My fault...I thought I have done this procedure several times before
and did not test it before posting

The way I just got around my mistake right now was to create a new user in the Enterprise Admin group.
Run the Group Policy Management Console as that new user >> then removed the deny 'Read' part of the settings
and left the deny 'apply group policy'. Then,  of course , deleted the new user.

Again...I apologize for my mistake and being so sloppy. I should not have told you to deny 'Read'

We'll get it fixed!

0
 

Author Comment

by:manogue
ID: 11876137
Ah Ha!!!

Works like a charm now!!

Thank you so much for your time and help!!!
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 11877382
Great!
Thanks for the points and for being understanding of my mistake.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question