Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Group Policy, security filtering

Posted on 2006-10-25
2
302 Views
Last Modified: 2010-04-18
I have loopback policy enabled.

I am able to have users from the OU Users specified on say machines in OU SERVERS B using 'authetnicated users' as the filtering. All works great, computer GP and user GP works fine. Now when I remove authenticated users, and just add an invidiaul users, the GP doesn't apply to .. why is that?

OU users
OU computers
OU servers
      - OU SERVERS B
0
Comment
Question by:shankshank
2 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 17806376
If you remove "Authenticated Users" and only add individual users (and have the user settings in the same GPO as the loopback policy), you're blocking the *computer* (an "Authenticated User"!) from applying the loopback policy, which then in turn prevents the application of the user policies that rely on the loopback policy.
Either add the computer account to the security settings, or separate the computer policies (the loopback policy is one of those) and the user policies into different GPOs. The latter is usually the better choice; user settings and computer settings don't have too much in common, so it's easier to manage to keep them apart.
On a side note, unless there are really good reasons to do so (like home directories), you should never assign permissions directly to individual accounts. Create a dedicated group for each GPO (with a name reflecting the use), add the users to the group (and, yes, you can add computers to groups as well), assign the permissions to apply the GPO to the group.
0
 
LVL 5

Author Comment

by:shankshank
ID: 17806476
hahahahah.

stupidity at its best === > ME


thanks for clearing that up.. I just for some reason, after all the questions about this stuff, still a little confused, I 'assumed' that the policy would be in effect for the computer itself, since it was residing inside of the OU...


0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question