Solved

Group Policy, security filtering

Posted on 2006-10-25
2
303 Views
Last Modified: 2010-04-18
I have loopback policy enabled.

I am able to have users from the OU Users specified on say machines in OU SERVERS B using 'authetnicated users' as the filtering. All works great, computer GP and user GP works fine. Now when I remove authenticated users, and just add an invidiaul users, the GP doesn't apply to .. why is that?

OU users
OU computers
OU servers
      - OU SERVERS B
0
Comment
Question by:shankshank
2 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 17806376
If you remove "Authenticated Users" and only add individual users (and have the user settings in the same GPO as the loopback policy), you're blocking the *computer* (an "Authenticated User"!) from applying the loopback policy, which then in turn prevents the application of the user policies that rely on the loopback policy.
Either add the computer account to the security settings, or separate the computer policies (the loopback policy is one of those) and the user policies into different GPOs. The latter is usually the better choice; user settings and computer settings don't have too much in common, so it's easier to manage to keep them apart.
On a side note, unless there are really good reasons to do so (like home directories), you should never assign permissions directly to individual accounts. Create a dedicated group for each GPO (with a name reflecting the use), add the users to the group (and, yes, you can add computers to groups as well), assign the permissions to apply the GPO to the group.
0
 
LVL 5

Author Comment

by:shankshank
ID: 17806476
hahahahah.

stupidity at its best === > ME


thanks for clearing that up.. I just for some reason, after all the questions about this stuff, still a little confused, I 'assumed' that the policy would be in effect for the computer itself, since it was residing inside of the OU...


0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question