manogue
asked on
Administrator GPO Loopback Problem
I have an OU that contains "Kiosk" type computers where many users (students) will be logging in, as well as to their own
personal PC's on my domain.
So I have created very restrictive GPO's on the Kiosk OU that takes away just about everything you can take away on a Desktop.
I use the "Loopback" feature on the Kiosk OU, so that when they log onto their personal laptops elsewhere in the school they are not locked down.
My problem is now that when I go to any PC contained in the Kiosk OU and attempt to login with the "Adminsitrator" account,
I get the same restrickted desktop as the students.
How do I prevent a GPO Loopback from Applying to Administrator account?
Perhaps this isn't the exact right approach to solving the problem... but you understand the ultimate goal.
I want the Administrator to be unrestricted when I log in.
I have tried to remove the Domain Admin group from the "Delegation" tab in the Group Policy Management Console for
the obove mentioned GPO with no success.
Any assistance is greatly appreciated!
personal PC's on my domain.
So I have created very restrictive GPO's on the Kiosk OU that takes away just about everything you can take away on a Desktop.
I use the "Loopback" feature on the Kiosk OU, so that when they log onto their personal laptops elsewhere in the school they are not locked down.
My problem is now that when I go to any PC contained in the Kiosk OU and attempt to login with the "Adminsitrator" account,
I get the same restrickted desktop as the students.
How do I prevent a GPO Loopback from Applying to Administrator account?
Perhaps this isn't the exact right approach to solving the problem... but you understand the ultimate goal.
I want the Administrator to be unrestricted when I log in.
I have tried to remove the Domain Admin group from the "Delegation" tab in the Group Policy Management Console for
the obove mentioned GPO with no success.
Any assistance is greatly appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi manogue,
I followed the same steps and received the same results as you did.
My fault...I thought I have done this procedure several times before
and did not test it before posting
The way I just got around my mistake right now was to create a new user in the Enterprise Admin group.
Run the Group Policy Management Console as that new user >> then removed the deny 'Read' part of the settings
and left the deny 'apply group policy'. Then, of course , deleted the new user.
Again...I apologize for my mistake and being so sloppy. I should not have told you to deny 'Read'
We'll get it fixed!
I followed the same steps and received the same results as you did.
My fault...I thought I have done this procedure several times before
and did not test it before posting
The way I just got around my mistake right now was to create a new user in the Enterprise Admin group.
Run the Group Policy Management Console as that new user >> then removed the deny 'Read' part of the settings
and left the deny 'apply group policy'. Then, of course , deleted the new user.
Again...I apologize for my mistake and being so sloppy. I should not have told you to deny 'Read'
We'll get it fixed!
ASKER
Ah Ha!!!
Works like a charm now!!
Thank you so much for your time and help!!!
Works like a charm now!!
Thank you so much for your time and help!!!
Great!
Thanks for the points and for being understanding of my mistake.
Thanks for the points and for being understanding of my mistake.
ASKER