Guest RossB Posted January 23, 2008 Posted January 23, 2008 I have a GPO, the policies in this GPO should apply to end users, not administrators. The GPO has loopback processing: merge, and is intended to apply to all servers in a given container. On the GPO, security is set so that Authenticated Users have read & apply group policy permissions. I have set the administrative group I am in to have all permissions, except apply group policy is set to DENY. This is to prevent the policy being applied to administrators. The problem is, the GPO is still applying to the administrators group I am in, despite the DENY statement above. Am I doing something wrong?
Guest Lanwench [MVP - Exchange] Posted January 23, 2008 Posted January 23, 2008 Re: apply GPO to end users, but not administrators RossB <RossB@discussions.microsoft.com> wrote: > I have a GPO, the policies in this GPO should apply to end users, not > administrators. > > The GPO has loopback processing: merge, and is intended to apply to > all servers in a given container. > > On the GPO, security is set so that Authenticated Users have read & > apply group policy permissions. I have set the administrative group I > am in to have all permissions, except apply group policy is set to > DENY. This is to prevent the policy being applied to administrators. > > The problem is, the GPO is still applying to the administrators group > I am in, despite the DENY statement above. Am I doing something wrong? Hi - I suggest you try posting this in microsoft.public.windows.group_policy for the most expert help. (you may find it's much easier to navigate & use these groups if you use a newsreader instead of the clunky web interface, btw).
Guest RossB Posted February 7, 2008 Posted February 7, 2008 RE: apply GPO to end users, but not administrators Resolved myself. The pilicy is set to deny on my administrators group. This only affects the user portion of the GPO, not the computer portion. "RossB" wrote: > I have a GPO, the policies in this GPO should apply to end users, not > administrators. > > The GPO has loopback processing: merge, and is intended to apply to all > servers in a given container. > > On the GPO, security is set so that Authenticated Users have read & apply > group policy permissions. I have set the administrative group I am in to have > all permissions, except apply group policy is set to DENY. This is to prevent > the policy being applied to administrators. > > The problem is, the GPO is still applying to the administrators group I am > in, despite the DENY statement above. Am I doing something wrong?
Recommended Posts