• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

Apply computer policy only to certain users

Ok, most of my searching has only yielded ways to apply user policies to users on certain computers. What I want is the reverse.

I have an overall group policy which disables clipboard redirection on the terminal server. This policy applies properly to everyone that logs into the terminal server.

However, I would like to allow a few certain users the ability to use clipboard redirection.
0
Klinkeye
Asked:
Klinkeye
  • 6
  • 3
  • 2
  • +3
1 Solution
 
Jack_JonesCommented:
Could make another user group for the specific users you want to have that removed off of.
0
 
abhijitwaikarCommented:
0
 
KlinkeyeAuthor Commented:
When I remove "authenticated users" and just add the user to the filtered users, when I run go modeling for that user on the ts I get a permission denied for that gpo.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Krzysztof PytkoActive Directory EngineerCommented:
I would do this that way. GPO Security Filtering but...

Do not remove Authenticayed Users, leave them. So, by default each user will apply this policy. Now, edit its DACL by selecting GPO in GPMC console. Go to "Delegation" tab in right pane and click "Advanced" button on right bottom. Then use DACL editor (like NTFS file/folder permission). Put there security group for users who shouldn't have this policy applied. Now set up "Deny" for that group in these 2 permissions:

- Read
- Apply group policy

Now, they cannot apply it and during logon process, it doesn't read GPO content (faster logon)

REgards,
Krzysztof
0
 
KlinkeyeAuthor Commented:
I'll have to try this on Monday.
0
 
yo_beeDirector of ITCommented:
What about loopback.

How to merge or replace settings using loopback
http://technet.microsoft.com/en-us/library/cc782810(v=ws.10).aspx

Loopback processing of Group Policy
http://support.microsoft.com/kb/231287

How to apply Group Policy objects to Terminal Services
http://support.microsoft.com/kb/260370

Now if you want to setup a separate OU with your TS servers in it or use WMI filtering in your current OU

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_wmi.asp

Here is an example of the syntax:
SELECT * FROM Win32_ComputerSystem WHERE Name = 'MyComputer'
Where mycomputer = your TS server name.










0
 
KlinkeyeAuthor Commented:
Thanks for the input, but I've already got loopback processing enabled. I also have no problem applying the GPO to just the terminal servers, however what I'm after is selectively applying the GPO (which only contains computer settings) to certain users that log onto the terminal servers.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
So, my scenario should be suitable in this case ;)

Krzysztof
0
 
KlinkeyeAuthor Commented:
Possibly. I did have a mess about with the delegation section before posting my question. Will let u know how it goes Monday.
0
 
McKnifeCommented:
Klinkeye, from 2008 TS on, this is available as a user policy, too. Is your TS 2008 or 2008 R2? http://www.group-policy.com/ref/policy/2789/Do_not_allow_clipboard_redirection
0
 
yo_beeDirector of ITCommented:
This will never work since the Computer settings apply on the entire system and also apply when the machine boots.
That is going to be pretty difficult since Computer settings are system wide (HKLM) and not user specific (HKCU).

0
 
McKnifeCommented:
yo_bee, couldn't we eliminate the need of a computer policy at all?
0
 
yo_beeDirector of ITCommented:
Stated by the Klinkeye "however what I'm after is selectively applying the GPO (which only contains computer settings) to certain users "

@McKnife
Since this is a Computer policy that needs to be applied  disabling it will not be a solution
0
 
KlinkeyeAuthor Commented:
It's actually server2003. I think yo_bee might be right. The computer policies can't be applied to users selectively.
0
 
KlinkeyeAuthor Commented:
What I was after cannot be done.
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

  • 6
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now