First, thanks to Jannie and all those who replied.
>Now comes the tricky part - you will have to create a group of users which
>should NOT receive the setting. Add this group to the ACL for the GPO
>above, and set the tickbox to deny "Apply Group Policy". Since deny takes
>precedence over allow, it is not possible to deny "Apply Group Policy" to
>Authenticated Users, as this will override the setting for the computer
>account as well, causing the computer to overlook the policy during
>application and therefore not apply the Loopback portion of it when a user
>logs on.
>
>
The server that I would like to have those special GP for special users
is a Terminal Server.
The only people allowed to login to that TS belongs to a special group
so Apply Group
Policy on that special group should do the trick. (Authenticated users
unchecked)
But is there a quick way to do what you mentioned on that paragraph above?
Something like an ALL users except .........
Someone on the list also told me that Windows Server 2003 can do this more
efficiently. I have Windows 2003 license but I opted to install the 2000
version
mainly because most new releases from MS has lots of bugs to begin with. I
could be wrong with this release though.
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
>Now comes the tricky part - you will have to create a group of users which
>should NOT receive the setting. Add this group to the ACL for the GPO
>above, and set the tickbox to deny "Apply Group Policy". Since deny takes
>precedence over allow, it is not possible to deny "Apply Group Policy" to
>Authenticated Users, as this will override the setting for the computer
>account as well, causing the computer to overlook the policy during
>application and therefore not apply the Loopback portion of it when a user
>logs on.
>
>
The server that I would like to have those special GP for special users
is a Terminal Server.
The only people allowed to login to that TS belongs to a special group
so Apply Group
Policy on that special group should do the trick. (Authenticated users
unchecked)
But is there a quick way to do what you mentioned on that paragraph above?
Something like an ALL users except .........
Someone on the list also told me that Windows Server 2003 can do this more
efficiently. I have Windows 2003 license but I opted to install the 2000
version
mainly because most new releases from MS has lots of bugs to begin with. I
could be wrong with this release though.
------------------------------------------------------------------------
---
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
------------------------------------------------------------------------
---
[ reply ]