?
Solved

Different Policies (or other way) for different groups

Posted on 2006-05-31
18
Medium Priority
?
166 Views
Last Modified: 2010-04-13

Hi,

  I need to have different Policies for different groups, how can this be done? I tried the gpedit.msc of 2k server but those settings affect all users in the server. I´m not using Active Directory Service as I don´t need to use domain users (for now).

Thanks

aom
0
Comment
Question by:andreom
18 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16804929
Hi andreom,

you can't, not without a fight, why not promote to a domain and go from there

local policy affects all
0
 
LVL 88

Expert Comment

by:rindi
ID: 16806009
If you don't use a domain, or if there is no other system like novell's nds or e-directory, you have to do that individually on each PC.
0
 
LVL 16

Expert Comment

by:Redwulf__53
ID: 16806172
Sounds like you DO need to use Domain users (from now on)
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 

Author Comment

by:andreom
ID: 16806411
In fact for now I don´t need to use Domain users as this server is an Application Server (Terminal Services) that provides services like database and TS, which are not domain or OS security dependent (but TS OSs permissions need differentiated control for each group of users). So there's only one machine: the server. Such an obvious application of different OS behavior for different groups should be more straighforward...

If I promote the machine to a domain server will this task (set different behaviors and permissions) for different groups be a simple one?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16806598
not a big difference, you may find you need to iron out a few security problems but its not going to be a complex move
0
 

Author Comment

by:andreom
ID: 16811822
Again: Such an obvious application of different OS behavior for different groups should be more straighforward...
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16812121
should.......but isnt
0
 

Author Comment

by:andreom
ID: 16812566
is it possible to set these policies user by user (remember, thats in the same server, no pdc)?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16812578
not without a domain environment, a local policy affects ALL users unless you follow this link which is a battle, this is simply a limitation with local policies

http://support.microsoft.com/?id=293655
0
 

Author Comment

by:andreom
ID: 16812596
I don´t know policy internals very well. Does every user have their own policy files (Registry.pol or something)?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16812613
something along those lines, i dont use local policies.... i need two user with different policies, fine, in goes a domain!
0
 

Author Comment

by:andreom
ID: 16812648
Promoting the server to a domain controler would make it any better? How?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16812682
you then have active directory, of why you can apply policies per OU and filer users in or out
0
 

Author Comment

by:andreom
ID: 16813741
Ok, I installed the Active Directory, created the OU and created some users and groups in it.

When logging on by TS the error "The local policy of this system does not permit you to logon interactively" shows.

I edited the server and the OU policies, including these uses and groups in the

Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment
In the right pane of the Group Policy dialog box, right-click Log on locally, and then click Security

but the error persists...
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 16813763
do that same setting on the default domain controllers policy

also add your user to the remote desktop users
0
 

Author Comment

by:andreom
ID: 16813999

do that same setting on the default domain controllers policy => it was done

also add your user to the remote desktop users => The server doesn´t have it (windows 2000 server?)
0
 

Author Comment

by:andreom
ID: 16814255
The article http://support.microsoft.com/kb/247989/EN-US/ solved the problem,

Thanks Jay_Jay70 for your attention
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16814701
no problem
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
I came across an unsolved Outlook issue and here is my solution.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month13 days, 23 hours left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question