Different Policies (or other way) for different groups


Hi,

  I need to have different Policies for different groups, how can this be done? I tried the gpedit.msc of 2k server but those settings affect all users in the server. I´m not using Active Directory Service as I don´t need to use domain users (for now).

Thanks

aom
andreomAsked:
Who is Participating?
 
Jay_Jay70Commented:
do that same setting on the default domain controllers policy

also add your user to the remote desktop users
0
 
Jay_Jay70Commented:
Hi andreom,

you can't, not without a fight, why not promote to a domain and go from there

local policy affects all
0
 
rindiCommented:
If you don't use a domain, or if there is no other system like novell's nds or e-directory, you have to do that individually on each PC.
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
Redwulf__53Commented:
Sounds like you DO need to use Domain users (from now on)
0
 
andreomAuthor Commented:
In fact for now I don´t need to use Domain users as this server is an Application Server (Terminal Services) that provides services like database and TS, which are not domain or OS security dependent (but TS OSs permissions need differentiated control for each group of users). So there's only one machine: the server. Such an obvious application of different OS behavior for different groups should be more straighforward...

If I promote the machine to a domain server will this task (set different behaviors and permissions) for different groups be a simple one?
0
 
Jay_Jay70Commented:
not a big difference, you may find you need to iron out a few security problems but its not going to be a complex move
0
 
andreomAuthor Commented:
Again: Such an obvious application of different OS behavior for different groups should be more straighforward...
0
 
Jay_Jay70Commented:
should.......but isnt
0
 
andreomAuthor Commented:
is it possible to set these policies user by user (remember, thats in the same server, no pdc)?
0
 
Jay_Jay70Commented:
not without a domain environment, a local policy affects ALL users unless you follow this link which is a battle, this is simply a limitation with local policies

http://support.microsoft.com/?id=293655
0
 
andreomAuthor Commented:
I don´t know policy internals very well. Does every user have their own policy files (Registry.pol or something)?
0
 
Jay_Jay70Commented:
something along those lines, i dont use local policies.... i need two user with different policies, fine, in goes a domain!
0
 
andreomAuthor Commented:
Promoting the server to a domain controler would make it any better? How?
0
 
Jay_Jay70Commented:
you then have active directory, of why you can apply policies per OU and filer users in or out
0
 
andreomAuthor Commented:
Ok, I installed the Active Directory, created the OU and created some users and groups in it.

When logging on by TS the error "The local policy of this system does not permit you to logon interactively" shows.

I edited the server and the OU policies, including these uses and groups in the

Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment
In the right pane of the Group Policy dialog box, right-click Log on locally, and then click Security

but the error persists...
0
 
andreomAuthor Commented:

do that same setting on the default domain controllers policy => it was done

also add your user to the remote desktop users => The server doesn´t have it (windows 2000 server?)
0
 
andreomAuthor Commented:
The article http://support.microsoft.com/kb/247989/EN-US/ solved the problem,

Thanks Jay_Jay70 for your attention
0
 
Jay_Jay70Commented:
no problem
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.