Hi shanfont
Maybe it's just me, but I don't really get the question - could you please rephrase? I think this might be something with Loopback policies, but I'm not sure as I don't really understand the question?
I have computer accounts and user accounts in one OU. If I log into one of those computers from that OU as administrator, the GPO being applied is the user's restrictive policy. What are the best practices when it comes to logging into a user's PC as admin when you want a GPO to be applied to the computer account?
What I have set up is OUs split up by departments: Credit dept, billing dept, etc. I have the users and computers in each OU that they belong to. I want my GPOs to be applied to the users of each dept. but not be applied for administrators or managers that may log in to those same PCs in those departments. So is that where a Loopback policy would be used?
If your group policy objects are linked to the organisational unit and the administrators are not nested within the organisational unit, the user configuration settings will not be applied.
If your users are nested in the organisational unit, you may modify the security settings for the group policy object to remove the allowed - apply group policy ACL checkbox.
That answers user configuration settings. Now, do you also want to know about not applying the computer configuration settings when an administrator logs onto the workstation? If so, I do not believe this is possible; computer configurations are applied to the computer object and therefore may not be filtered for specific user objects such as your administrators.
Maybe publish an image or diagram of what you are attempting to achieve with your Active Directory design; I may be able to be more helpful then.
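The security filtering described in the reply above can also be set from PowerShell. This is an added example, not part of the original posts; the GPO name and group name are hypothetical placeholders, and it assumes the GroupPolicy module (RSAT / GPMC) is installed and the administrator accounts are not members of the department group.

```powershell
# Added example: scope a user-restriction GPO to one department group
# so that other accounts (e.g. administrators) logging on to the same
# PCs do not receive its user configuration settings.
Import-Module GroupPolicy

# Hypothetical names for illustration; substitute your own.
$GpoName   = 'Credit Dept - User Restrictions'
$DeptGroup = 'Credit Dept Users'

# 1. Grant the department group Read + Apply Group Policy on the GPO.
Set-GPPermission -Name $GpoName `
                 -TargetName $DeptGroup `
                 -TargetType Group `
                 -PermissionLevel GpoApply

# 2. Downgrade Authenticated Users from Apply to Read only.
#    -Replace is required to lower an existing, higher permission.
#    Read is kept (not removed) because, since the MS16-072 update,
#    user policy is retrieved in the computer's security context and
#    the computer account must still be able to read the GPO.
Set-GPPermission -Name $GpoName `
                 -TargetName 'Authenticated Users' `
                 -TargetType Group `
                 -PermissionLevel GpoRead `
                 -Replace

# 3. Review the resulting delegation on the GPO.
Get-GPPermission -Name $GpoName -All

# 4. On a department PC, logged on as the administrator, confirm the
#    GPO is listed as filtered out rather than applied:
#      gpresult /r /scope user
```

Computer configuration settings in GPOs linked to the OU still apply to the computer regardless of who logs on, as the reply notes.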
My AD design looks like this:
Domain:
|
|
| >Credit Dept
| |
| |
| User Accounts
| Computer Accounts
|
| >Billing Dept
| |
| |
| User Accounts
| Computer Accounts
|
|
| >Other Dept. nested within domain
For the GPOs I have assigned to each OU, I have set them to be applied to different security groups of each dept., and administrator accounts to not apply the GPO. I was thinking that by doing that the GPO would not apply to an administrator when they log in to a PC within those OUs. So should I have a different OU for computer accounts within those same OUs?