Yeah,
Only way to keep the folks honest to tell you the truth. Jeremy Moskowitz GPO book is helping out a lot. ( Good refresher) Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: David Lum [mailto:[email protected]] Sent: Thursday, October 13, 2011 9:41 AM To: NT System Admin Issues Subject: RE: Has anyone tried to add a local account on a server to a restrictive Group via GPO? I do exactly this, it's awesome. From: Ziots, Edward [mailto:[email protected]] Sent: Thursday, October 13, 2011 5:37 AM To: NT System Admin Issues Subject: RE: Has anyone tried to add a local account on a server to a restrictive Group via GPO? I will take a look at it today, going to test out my GPO's before putting them on the production system. Kinda why I tell folks not to use local accounts, but sometimes stuff sneaks through and its typically vendor related. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Christopher Bodnar [mailto:[email protected]] Sent: Wednesday, October 12, 2011 4:42 PM To: NT System Admin Issues Subject: Re: Has anyone tried to add a local account on a server to a restrictive Group via GPO? Have you seen this? http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/64d9 a801-5281-487c-8d14-1b092c0dffcf/ <http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/64d 9a801-5281-487c-8d14-1b092c0dffcf/> It looks like you should be able to do this through GPO Restricted Groups, or using Preferences. Chris Bodnar, MCSE, MCITP Technical Support III Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected] Phone: 610-807-6459 Fax: 610-807-6003 From: "Ziots, Edward" <[email protected]> To: "NT System Admin Issues" < [email protected]> Date: 10/12/2011 03:38 PM Subject: Has anyone tried to add a local account on a server to a restrictive Group via GPO? ________________________________ Trying to add a local user to a restrictive groups GPO ( its on the server for an application) I am wondering if that can even be done ( unless you modify the GPO from the server that has the local account in question) As for the local account ( silly Healthcare application, don't ask long story about inability on vendors part to set proper DCOM permissions) Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> > ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ <http://lyris.sunbelt-software.com/read/my_forums/> or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image002.jpg>>
<<image003.jpg>>
