I haven't tested this explicitly, but I don't believe it will work. Here's why I think that's the case. When the user logs on, foreground GP processing will normally kick off and query AD via LDAP for the list of applied GPOs for that user. But, since the user account is in an NT 4 domain, that processing should fail right away, which means it will never have a chance to evaluate the loopback policy and apply it to the user. Now, it's possible that MS were really smart and realized that there may be a loopback policy out there that only relies on the machine account, but based on what I've seen with GP processing behavior, I don't believe this would be the case.
Unfortunately I don't have an NT4 domain handy to test--now where did I put that copy of Virtual Server??...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Casey
Sent: Wednesday, September 22, 2004 11:48 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO loopback

We use a GPO with loopback to lock down our kiosk PCs. The kiosks are in a kiosk OU. The loopback works well to ensure that the kiosks remain locked down no matter who logs on. The problem is, we have an internal trusted NT domain (2-way trust). The users from the NT domain probably won't migrate to our AD domain for another year. Is it possible to have the GPO linked to the kiosk OU still apply when users log on to the kiosk PCs with their NT domain account? Any advice would be appreciated.

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
