How can I block domain level folder redirection Group Policy
HI Experts.
I have a a domain level Folder redirection policy that applies Folder Redirection.
The Folder Redirection GP setting is in User Configuration/windows settings/folder redirection and just redirects the "My Documents" folder.
I can block users but how can I block a site or GP group holding serveral PCs inside the Domain from from this group policy? i.e. I want to stop a range of computers urnning the policy
I've got 10 other Group policies at domain level so just blocking Inheritance isn't going to work..
Thanks
I have a a domain level Folder redirection policy that applies Folder Redirection.
The Folder Redirection GP setting is in User Configuration/windows settings/folder redirection and just redirects the "My Documents" folder.
I can block users but how can I block a site or GP group holding serveral PCs inside the Domain from from this group policy? i.e. I want to stop a range of computers urnning the policy
I've got 10 other Group policies at domain level so just blocking Inheritance isn't going to work..
Thanks
ASKER
Thanks for your comment.
Can I add a group of computers or can it only be one by one?
I have a look at WMI and it just seems to filter by OS.
Can I add a group of computers or can it only be one by one?
I have a look at WMI and it just seems to filter by OS.
I just spotted the flaw in this plan...
Folder redirection is done under the "User Settings" part of the policy.
But you are trying to apply the policy to computers in which case only the "Computer Settings" will be applied.
To acheive this you will need "Loopback Policy Processing" turned on. This is handled better in Win2k8 and Win7 - not so good on Win2k3 and XP.
Unfortunately I have to head off so I wont be able to advise further until tomorrow but please feel free to post to other "Experts" about Loopback Policy processing.
Folder redirection is done under the "User Settings" part of the policy.
But you are trying to apply the policy to computers in which case only the "Computer Settings" will be applied.
To acheive this you will need "Loopback Policy Processing" turned on. This is handled better in Win2k8 and Win7 - not so good on Win2k3 and XP.
Unfortunately I have to head off so I wont be able to advise further until tomorrow but please feel free to post to other "Experts" about Loopback Policy processing.
ASKER
Ah I see. And googling shows up "Loopback Policy Processing" as a little unpredictable.
Any one else got any ideas or am I asking for something that isn't feasible or should be handled differently?
Thanks
Any one else got any ideas or am I asking for something that isn't feasible or should be handled differently?
Thanks
I see that you are using User Setting, This policy will only be applicable to users not computers. More over you can disable the computer policy of GPO using GPMC tool so that only User part setting will be applied.
ASKER
I can block users but how can I block a site or GP group holding serveral PCs inside the Domain from from this group policy? i.e. I want to stop a range of computers running the policy. Thanks
Hi,
As I mentioned earlier computer configuration changes will be applicable to computer and users configuration to user.
See the attached screenshot how to disable computer configuration part of the GPO
disableComputerSettings.jpg
As I mentioned earlier computer configuration changes will be applicable to computer and users configuration to user.
See the attached screenshot how to disable computer configuration part of the GPO
disableComputerSettings.jpg
ASKER
Thanks for your comment V-2nas, but I dont understand why disabling the computer configuration would help here? THis is (as you mention yourself) a User setting but I'm trying to see if there's a way of blocking it on a range of PCs.
ASKER
I'm beginning to think that I'm fighting against the wind on this one and should accept it's a policy that is User specific, not PC specific.
Sort of makes a kind of sense in that if it was PC based and the affect users went on a PC that want affected they would have redirection working again. which would proably make the users confused.
Therefore, unless anyone has any good ideas I'll note this as not having a solution.
Sort of makes a kind of sense in that if it was PC based and the affect users went on a PC that want affected they would have redirection working again. which would proably make the users confused.
Therefore, unless anyone has any good ideas I'll note this as not having a solution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. Thanks MarkieS.
Your post above suggests a way forward but I hanv't got the time/expertise to muck around with Kix so I'm just going to follow MS's thinking for now, and block it by User rather than by PC.
As your post could be used as a starting point for someone with a similar problem I'll mark it as the answer. Many thanks for your comments.
V2-nas, i can't see the relevance of your comments, so I'll give Markies the points. Apologies if I'm missing a point.
Your post above suggests a way forward but I hanv't got the time/expertise to muck around with Kix so I'm just going to follow MS's thinking for now, and block it by User rather than by PC.
As your post could be used as a starting point for someone with a similar problem I'll mark it as the answer. Many thanks for your comments.
V2-nas, i can't see the relevance of your comments, so I'll give Markies the points. Apologies if I'm missing a point.
ASKER
Marked as B as it's not a complete answer, more of a starting point. (but a useful one at that!). Cheers John
Its ok :)
Thanks jmsjms.
If you decide to go Kix script route drop another line.
all the best...
Markie S
If you decide to go Kix script route drop another line.
all the best...
Markie S
Or you can do similar with WMI filters