Solved

Group Policy, security filtering

Posted on 2006-10-25
2
304 Views
Last Modified: 2010-04-18
I have loopback policy enabled.

I am able to have users from the OU Users specified on say machines in OU SERVERS B using 'authetnicated users' as the filtering. All works great, computer GP and user GP works fine. Now when I remove authenticated users, and just add an invidiaul users, the GP doesn't apply to .. why is that?

OU users
OU computers
OU servers
      - OU SERVERS B
0
Comment
Question by:shankshank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 17806376
If you remove "Authenticated Users" and only add individual users (and have the user settings in the same GPO as the loopback policy), you're blocking the *computer* (an "Authenticated User"!) from applying the loopback policy, which then in turn prevents the application of the user policies that rely on the loopback policy.
Either add the computer account to the security settings, or separate the computer policies (the loopback policy is one of those) and the user policies into different GPOs. The latter is usually the better choice; user settings and computer settings don't have too much in common, so it's easier to manage to keep them apart.
On a side note, unless there are really good reasons to do so (like home directories), you should never assign permissions directly to individual accounts. Create a dedicated group for each GPO (with a name reflecting the use), add the users to the group (and, yes, you can add computers to groups as well), assign the permissions to apply the GPO to the group.
0
 
LVL 5

Author Comment

by:shankshank
ID: 17806476
hahahahah.

stupidity at its best === > ME


thanks for clearing that up.. I just for some reason, after all the questions about this stuff, still a little confused, I 'assumed' that the policy would be in effect for the computer itself, since it was residing inside of the OU...


0

Featured Post

Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question