Works with the computer account added, but I never had to do it that way before ---Blackberried
-----Original Message----- From: Lora Cates <[email protected]> Date: Fri, 13 Apr 2012 06:53:12 To: NT System Admin Issues<[email protected]> Reply-To: "NT System Admin Issues" <[email protected]> Subject: Re: GPO weirdness Have you tried to add the computer account? Loopback policy applies user setting to a machine, or group of machines. If the machine can't read the policy, it can'y apple the user settings to that machine. But you should see the FILTERED result for the computer object in the GPRESULT. -lc >________________________________ > From: James Rankin <[email protected]> >To: NT System Admin Issues <[email protected]> >Sent: Friday, April 13, 2012 8:08 AM >Subject: Re: GPO weirdness > > >That's not how I understood it (I could be wrong), but as I said previously >I've had it working before without having to add computer accounts. > >Maybe need one of the AD Yodas to provide a definitive answer :-) > > >On 13 April 2012 13:54, Mayo, Bill <[email protected]> wrote: > >Loopback processing always ups the confusion for me (so I could be way off), >but isn’t that the likely reason for it? Loopback processing says to use the >policy applied to the computer, not the user, so it would not apply the policy >in question unless it also applied to the computer being logged onto. If the >restriction didn’t apply to the computer, it therefore wouldn’t be applied, >right? >> >>Bill Mayo >> >>From:James Rankin [mailto:[email protected]] >>Sent: Friday, April 13, 2012 8:31 AM >> >>To: NT System Admin Issues >>Subject: Re: GPO weirdness >> >>Both. Settings aren't applied, and the GPO doesn't show as being applied in >>gpresult. >>On 13 April 2012 13:13, Christopher Bodnar <[email protected]> >>wrote: >>Just read your disclaimer, funny stuff, extraterrestrial eggplants? >> >>OK back to your issue. When you say the GPO does not apply do you mean that >>the settings dont' get enforced, or that the GPO doesn't show up as being >>applied in the output of GPRESULT? >> >> >>Christopher Bodnar >>Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture >>and Engineering Services >>Tel 610-807-6459 >>3900 Burgess Place, Bethlehem, PA 18017 >>[email protected] >> >> >>The Guardian Life Insurance Company of America >> >>www.guardianlife.com >> >> >> >> >> >>From: James Rankin <[email protected]> >>To: "NT System Admin Issues" <[email protected]> >>Date: 04-13-12 05:12 AM >>Subject: GPO weirdness >> >>________________________________ >> >> >> >> >> >>I have a GPO with user settings that I am applying to an OU with Terminal >>Servers in it (Loopback Policy Processing is configured in another GPO on the >>same OU). I also want to apply a security filter to the user settings OU so >>that only a certain AD group are subject to it. However, whenever I change >>the security filter from Authenticated Users, the GPO does not apply even >>though the user is a member of the AD group in the security filter. The only >>way I can get it to work is by adding the computer accounts for the Terminal >>Servers to the security filter, which has me baffled because these are user >>settings and shouldn't be applied to the computer accounts, should they? I >>could be utterly wrong but I have checked GPOs I used in other, similar >>environments and I never had to add computer accounts specifically to a >>security filter for a user settings GPO to work. >> >>Can anyone confirm if this is expected behaviour or not? >> >>TIA, >> >> >> >>JRR >> >>-- >>http://appsensebigot.blogspot.co.uk/ >> >>IMPORTANT INFORMATION/DISCLAIMER >> >>I certainly don't have time to monitor the content of e-mail sent and >>received via this account for the purposes of ensuring compliance with >>anyone's policies and procedures. I am pretty sure that somewhere in UK >>legislation there is some politically-correct drivel that stipulates I must >>never send or store e-mails or attachments that are obscene, indecent, >>sexist, racist, defamatory, abusive, in breach of copyright, encrypted, >>amusing, overly long, slightly opinionated, anonymous, likely to harm animals >>or hurt the feelings of an as-yet-unspecified or as-yet-nonexistent minority >>(such as extraterrestrial eggplants). Emails of this nature sent in or out of >>this account may be intercepted and stopped by the system, but it's a long >>shot. This being the UK, even if I was prosecuted for breach of said email >>guidelines, I'd probably walk with a suspended sentence anyway, but if I'd >>forgotten to pay my car insurance, I'd most certainly be hung, drawn and quartered. >> >>I am not responsible for any changes made to the message after it has been >>sent, in more or less the same way that cyclozine manufacturers aren't >>responsible for drug addicts mixing it with methadone and overdosing, so I'm >>glad I cleared the confusion up there nice and early. Where opinions are >>expressed, they are not necessarily mine. However, I don't make a habit of >>expressing other people's opinions for them, so you shouldn't take that >>statement as an indication that I am in the business of providing an >>opinion-expressing service. In the event that I did, this discourse would >>provide no guarantee that I would do it anyway, but I don't, so I won't. >> >>This e-mail and any files transmitted with it are confidential and intended >>solely for the use of the individual or entity to whom they are addressed. If >>you are not the intended addressee, or the person responsible for delivering >>it to them, aside from the fact that you've clearly got some level of >>unauthorised access to their account or are at least engaged in some sort of >>fraud, I'm obliged to tell you that may not copy, forward disclose or >>otherwise use it or any part of it in any way. To do so may be unlawful, and >>as you're already breaking the law, I am sure that bombshell makes you quake >>in your boots and turn yourself over to law enforcement immediately. If you >>receive this e-mail by mistake, please advise the sender immediately. That >>would be me, and as I am clearly prone to sending emails to completely the >>wrong person, I should instantly be stripped of my status as a technical >>consultant and sent to do something more becoming of my stupidity, such as appearing on Big Brother, the X Factor or "insert country name here"'s Got Talent. >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to [email protected] >>with the body: unsubscribe ntsysadmin >>----------------------------------------- This message, and any attachments >>to it, may contain information that is privileged, confidential, and exempt >>from disclosure under applicable law. If the reader of this message is not >>the intended recipient, you are notified that any use, dissemination, >>distribution, copying, or communication of this message is strictly >>prohibited. If you have received this message in error, please notify the >>sender immediately by return e-mail and delete the message and any >>attachments. Thank you. >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to [email protected] >>with the body: unsubscribe ntsysadmin >> >> >> >>-- >>http://appsensebigot.blogspot.co.uk >> >>IMPORTANT INFORMATION/DISCLAIMER >> >>I certainly don't have time to monitor the content of e-mail sent and >>received via this account for the purposes of ensuring compliance with >>anyone's policies and procedures. I am pretty sure that somewhere in UK >>legislation there is some politically-correct drivel that stipulates I must >>never send or store e-mails or attachments that are obscene, indecent, >>sexist, racist, defamatory, abusive, in breach of copyright, encrypted, >>amusing, overly long, slightly opinionated, anonymous, likely to harm animals >>or hurt the feelings of an as-yet-unspecified or as-yet-nonexistent minority >>(such as extraterrestrial eggplants). Emails of this nature sent in or out of >>this account may be intercepted and stopped by the system, but it's a long >>shot. This being the UK, even if I was prosecuted for breach of said email >>guidelines, I'd probably walk with a suspended sentence anyway, but if I'd >>forgotten to pay my car insurance, I'd most certainly be hung, drawn and quartered. >> >>I am not responsible for any changes made to the message after it has been >>sent, in more or less the same way that cyclozine manufacturers aren't >>responsible for drug addicts mixing it with methadone and overdosing, so I'm >>glad I cleared the confusion up there nice and early. Where opinions are >>expressed, they are not necessarily mine. However, I don't make a habit of >>expressing other people's opinions for them, so you shouldn't take that >>statement as an indication that I am in the business of providing an >>opinion-expressing service. In the event that I did, this discourse would >>provide no guarantee that I would do it anyway, but I don't, so I won't. >> >>This e-mail and any files transmitted with it are confidential and intended >>solely for the use of the individual or entity to whom they are addressed. If >>you are not the intended addressee, or the person responsible for delivering >>it to them, aside from the fact that you've clearly got some level of >>unauthorised access to their account or are at least engaged in some sort of >>fraud, I'm obliged to tell you that may not copy, forward disclose or >>otherwise use it or any part of it in any way. To do so may be unlawful, and >>as you're already breaking the law, I am sure that bombshell makes you quake >>in your boots and turn yourself over to law enforcement immediately. If you >>receive this e-mail by mistake, please advise the sender immediately. That >>would be me, and as I am clearly prone to sending emails to completely the >>wrong person, I should instantly be stripped of my status as a technical >>consultant and sent to do something more becoming of my stupidity, such as appearing on Big Brother, the X Factor or "insert country name here"'s Got Talent. >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to [email protected] >>with the body: unsubscribe ntsysadmin >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to [email protected] >>with the body: unsubscribe ntsysadmin > > >-- >http://appsensebigot.blogspot.co.uk > >IMPORTANT INFORMATION/DISCLAIMER > >I certainly don't have time to monitor the content of e-mail sent and received >via this account for the purposes of ensuring compliance with anyone's >policies and procedures. I am pretty sure that somewhere in UK legislation >there is some politically-correct drivel that stipulates I must never send or >store e-mails or attachments that are obscene, indecent, sexist, racist, >defamatory, abusive, in breach of copyright, encrypted, amusing, overly long, >slightly opinionated, anonymous, likely to harm animals or hurt the feelings >of an as-yet-unspecified or as-yet-nonexistent minority (such as >extraterrestrial eggplants). Emails of this nature sent in or out of this >account may be intercepted and stopped by the system, but it's a long shot. >This being the UK, even if I was prosecuted for breach of said email >guidelines, I'd probably walk with a suspended sentence anyway, but if I'd >forgotten to pay my car insurance, I'd most certainly be hung, drawn and quartered. > >I am not responsible for any changes made to the message after it has been >sent, in more or less the same way that cyclozine manufacturers aren't >responsible for drug addicts mixing it with methadone and overdosing, so I'm >glad I cleared the confusion up there nice and early. Where opinions are >expressed, they are not necessarily mine. However, I don't make a habit of >expressing other people's opinions for them, so you shouldn't take that >statement as an indication that I am in the business of providing an >opinion-expressing service. In the event that I did, this discourse would >provide no guarantee that I would do it anyway, but I don't, so I won't. > >This e-mail and any files transmitted with it are confidential and intended >solely for the use of the individual or entity to whom they are addressed. If >you are not the intended addressee, or the person responsible for delivering >it to them, aside from the fact that you've clearly got some level of >unauthorised access to their account or are at least engaged in some sort of >fraud, I'm obliged to tell you that may not copy, forward disclose or >otherwise use it or any part of it in any way. To do so may be unlawful, and >as you're already breaking the law, I am sure that bombshell makes you quake >in your boots and turn yourself over to law enforcement immediately. If you >receive this e-mail by mistake, please advise the sender immediately. That >would be me, and as I am clearly prone to sending emails to completely the >wrong person, I should instantly be stripped of my status as a technical >consultant and sent to do something more becoming of my stupidity, such as appearing on Big Brother, the X Factor or "insert country name here"'s Got Talent. > > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
