Annoyingly, that doesn't work :( I've put the computer in to a security group, put that group in the Delegation tab with an advanced property specifying "Apply Policy DENY", but no end of rebooting for forcing an update causes the laptop in question to NOT apply that policy. Any user logging on happily gets all the data synched. The event log on either box shows no errors relating to why the GPO *IS* being applied.
ARGH! Olly From: Jon Harris [mailto:[email protected]] Sent: 16 December 2008 12:06 To: NT System Admin Issues Subject: Re: Disabling folder redirection on one machine Put the laptops in a Security group put a deny on the security group from geting that policy but make sure it is the only thing in that policy you want affected! Jon (finally getting rid of my cold) On Tue, Dec 16, 2008 at 4:23 AM, Oliver Marshall <[email protected]<mailto:[email protected]>> wrote: Hi chaps, Whats the best (read proper) way to disable folder redirection for any user on one machine? We have a 2008/vista based network and we use folder redirection to keep the data on the servers. All good. However we have some new laptops which will go out in the field and it's been decided that the users will need to be able to log on to the laptops as themselves (rather than using a dedicated local account on the laptop). However this in turn goes against the data policy which precludes laptops from having copies of users profiles or company data on them (everything is to be access via SSL web app). Is the best way to just add the computer name to the permissions of the folder redirection GPO and then set that permission to denied ? Olly 'got man cold' Marshall ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
