Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

GPO question

Status
Not open for further replies.
TinRam

TinRam

MIS
Jan 2, 2001
99
GPO is applied to an OU that houses a computer. Lets call this GPO “IE_Settings”. This GPO has the loopback policy set to “Replace”.
User is in another OU. I would like have “IE_Settings” NOT apply to this user.

Possible?

I know that the usual way of setting the ACL of the GPO to deny the “apply” right for that user will not work since this policy is applied to the computer, not the user.

Thanks... nobody appears to know how to do this. Maybe its not not possible.
 
Sort by date Sort by votes
I think you're out of luck. Not being able to apply User settings is kind of the point of using the replace option in loopbacks.

Maybe if you set the user OU group policy settings to not be overridden (there's a check box someplace on the GP)?
 
Upvote 0 Downvote
Great idea. Didn’t work though. After you suggested it I did some reading on this and also tried it out. This is called “enforce” in 2003 BTW. Looks like this setting will force inheritance, even if loopack is enabled, but it does not force the GPO to override the loopback if it is not a parent. So in other words, If I for example make the change on the domain policy and turn on “enforce” it will override the loopback. But putting this on the user’s OU will not override it.



Great idea though… good thinking! Thanks!
 
Upvote 0 Downvote
Not 100% sure if this would work, but what about if you create a second policy called "NOT_IE" and set permissions on it so that only the users from that certain OU could apply the policy - then configure loopback processing on it and also disable proxy (or whatever you need to do). Just make sure that the policy is processed second - ie after the main IE_Settings policy. I'm not 100% sure if it'll work, but it's worth a try I guess. After all, the settings are still applied by the user - just read from the policy where the computer resides instead ... to the best of my knowledge anyway

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau
 
Upvote 0 Downvote
why are you using loopback at all, general rule for win03 was to try and move away from looping.

if you just want it to be used on machines with certain users,, apply machine policies and filter users on sec groups

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
434
technome
technome
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
338
RRankin355
RRankin355
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
321
on3mansh0w
on3mansh0w
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
307
tacohunter
tacohunter
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
269
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top