Neil-
That is a tough one. What you're trying to do is essentially filter a
user policy based on transient (i.e. it could change at any time)
computer criteria (member machine local group membership). It's always
difficult to do that if you're not using something like loopback, which
probably wouldn't work here anyway. A WMI filter might work if you could
craft a WQL statement that can get the currently logged on user and
query to see if they are in the local Admin group, but, that's beyond my
WMI knowledge. Maybe if Alain is lurking...

 
Darren 
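
The criterion asked about in this thread (a user account added explicitly to the local Administrators group rather than through a nested group) can be checked on a member machine as in the sketch below. It is an added example, not part of the original messages; the function name is hypothetical, and it assumes the Microsoft.PowerShell.LocalAccounts cmdlets of Windows PowerShell 5.1, which are newer than this thread.

```powershell
# Added example: Test-DirectLocalAdmin and its property names are hypothetical.
# Assumes the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1).

function Test-DirectLocalAdmin {
    [CmdletBinding()]
    param(
        # SID of the account to test; defaults to the user running the script.
        [System.Security.Principal.SecurityIdentifier]
        $UserSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    )

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators; using it
    # avoids depending on the localized name of the group.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    # Direct members only. Nested groups show up with ObjectClass 'Group'
    # (as reported on English-language systems) and are deliberately not
    # expanded, so a user who is an admin only via a group is not counted.
    $directUsers  = @($members | Where-Object { $_.ObjectClass -eq 'User' })
    $nestedGroups = @($members | Where-Object { $_.ObjectClass -eq 'Group' })

    # Compare SID strings rather than names so renamed accounts still match.
    $isDirect = [bool]($directUsers |
        Where-Object { $_.SID.Value -eq $UserSid.Value })

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        UserSid       = $UserSid.Value
        IsDirectAdmin = $isDirect
        DirectUsers   = @($directUsers  | ForEach-Object { $_.Name })
        NestedGroups  = @($nestedGroups | ForEach-Object { $_.Name })
    }
}

# Report for the account running the script.
Test-DirectLocalAdmin
```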

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 24, 2006 5:40 AM
To: [email protected]
Subject: RE: [ActiveDir] Apply a GPO only to users who are local admins

Let me re-word my question :) 

 - A GPO exists which is linked to the domainDNS object
 - It has User config settings
 - The requirement is that these settings only be applied to domain user
objects which are also members of the local admin group on the domain
member machine that they are logged on at.


Is this possible?

Thanks,
neil


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M.
Sent: 24 February 2006 13:09
To: [email protected]
Subject: RE: [ActiveDir] Apply a GPO only to users who are local admins

Yes this is possible using restricted groups.  Instead of defining the
explicit membership of a group, you can use restricted groups to add a
member to a local group.  Check out KB article 228496

Dennis 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 24, 2006 5:47 AM
To: [email protected]
Subject: [ActiveDir] Apply a GPO only to users who are local admins

Here is a question put to me by a colleague: 

"Does anyone know if it is possible to set a GPO only for users that are
local administrators without using AD groups? e.g. if you wanted to set
a particular setting for users who have their user accounts explicitly
added to the local admins group on their box rather than via group
membership."

Is this possible? My initial thought is to use WMI filters, but this
could be expensive. 

neil 


___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc


PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your copy from your system. You must not copy, distribute or take any
further action in reliance on it. Email is not a secure method of
communication and Nomura International plc ('NIplc') will not, to the
extent permitted by law, accept responsibility or liability for (a) the
accuracy or completeness of, or (b) the presence of any virus, worm or
similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please
request a hard copy. Unless otherwise stated this email: (1) is not, and
should not be treated or relied upon as, investment research; (2)
contains views or opinions that are solely those of the author and do
not necessarily represent those of NIplc; (3) is intended for
informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised
and regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St
Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of
companies.
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


