Apply group policies per machine

Yesterday, in a windows network and resource planning session, i’ve realized that my company have the need of segmentation for computer and lan usage, depending on department user affiliation.
In our case the policy to be applied must be per machine instead the usual per-user policy.

For the first moment we get in trouble. In fact the usual group policy we have ever applied was per-user(it’s simple by the windows server mmc snap-in).

I found some links very useful:

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/944b7d5c-3cf1-4d8c-b755-17cc9c1a4650

http://www.petri.co.il/forums/showthread.php?t=39069

The trick is  on a particular field of Group Policy options: group policy Loopback Processing

Link from microsoft: http://support.microsoft.com/kb/231287

With this option we gain a process of policy application with very interesting results, in fact the policies were applied to a user on a particular location(computer). In this case the GP object must be linked on a computer object on the domain tree enclosed (in case) inside  organizational unit.

N.b.  after the link of a GPO to an OU, on the physical machine the best is to run the command  gpupdate /force, to apply the changes fast. Another tool to verify the results is “gpresults” always by command line.

~ di diegotech su ottobre 12, 2009.

Lascia un commento

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...

 
%d blogger cliccano Mi Piace per questo: