Solved

Group Policy, security filtering

Posted on 2006-10-25
2
299 Views
Last Modified: 2010-04-18
I have loopback policy enabled.

I am able to have users from the OU Users specified on say machines in OU SERVERS B using 'authetnicated users' as the filtering. All works great, computer GP and user GP works fine. Now when I remove authenticated users, and just add an invidiaul users, the GP doesn't apply to .. why is that?

OU users
OU computers
OU servers
      - OU SERVERS B
0
Comment
Question by:shankshank
2 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 17806376
If you remove "Authenticated Users" and only add individual users (and have the user settings in the same GPO as the loopback policy), you're blocking the *computer* (an "Authenticated User"!) from applying the loopback policy, which then in turn prevents the application of the user policies that rely on the loopback policy.
Either add the computer account to the security settings, or separate the computer policies (the loopback policy is one of those) and the user policies into different GPOs. The latter is usually the better choice; user settings and computer settings don't have too much in common, so it's easier to manage to keep them apart.
On a side note, unless there are really good reasons to do so (like home directories), you should never assign permissions directly to individual accounts. Create a dedicated group for each GPO (with a name reflecting the use), add the users to the group (and, yes, you can add computers to groups as well), assign the permissions to apply the GPO to the group.
0
 
LVL 5

Author Comment

by:shankshank
ID: 17806476
hahahahah.

stupidity at its best === > ME


thanks for clearing that up.. I just for some reason, after all the questions about this stuff, still a little confused, I 'assumed' that the policy would be in effect for the computer itself, since it was residing inside of the OU...


0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now