Solved

Group Policy, security filtering

Posted on 2006-10-25
2
300 Views
Last Modified: 2010-04-18
I have loopback policy enabled.

I am able to have users from the OU Users specified on say machines in OU SERVERS B using 'authetnicated users' as the filtering. All works great, computer GP and user GP works fine. Now when I remove authenticated users, and just add an invidiaul users, the GP doesn't apply to .. why is that?

OU users
OU computers
OU servers
      - OU SERVERS B
0
Comment
Question by:shankshank
2 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 17806376
If you remove "Authenticated Users" and only add individual users (and have the user settings in the same GPO as the loopback policy), you're blocking the *computer* (an "Authenticated User"!) from applying the loopback policy, which then in turn prevents the application of the user policies that rely on the loopback policy.
Either add the computer account to the security settings, or separate the computer policies (the loopback policy is one of those) and the user policies into different GPOs. The latter is usually the better choice; user settings and computer settings don't have too much in common, so it's easier to manage to keep them apart.
On a side note, unless there are really good reasons to do so (like home directories), you should never assign permissions directly to individual accounts. Create a dedicated group for each GPO (with a name reflecting the use), add the users to the group (and, yes, you can add computers to groups as well), assign the permissions to apply the GPO to the group.
0
 
LVL 5

Author Comment

by:shankshank
ID: 17806476
hahahahah.

stupidity at its best === > ME


thanks for clearing that up.. I just for some reason, after all the questions about this stuff, still a little confused, I 'assumed' that the policy would be in effect for the computer itself, since it was residing inside of the OU...


0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Learn about cloud computing and its benefits for small business owners.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now