Whilst the particular case might be simple (though I don't see how it's going to be simple to implement in actual code as it would probably require extensions to the client GPO processing engine, which is already fragmented into lots of little pieces), I can just see this getting out of hand. People will want to be able to do this to groups as well as users (I need to apply a particular policy to 50 users and doing it one user at a time is too slow). People will want to apply multiple policies to users (or groups). And then we'll end up with the same situation we have with PSOs in Win2k8 with the added complexity of LSDOU based GPOs as well.
The current situation isn't "difficult" to figure out for the new guy. They need to know about RSOP, which anyone dealing with GPOs should know about. Cheers Ken -----Original Message----- From: Kennedy, Jim [mailto:[email protected]] Sent: Tuesday, 4 August 2009 11:23 AM To: NT System Admin Issues Subject: RE: GPO for a single user > It would be cleaner and easier to do if every user object could just > have a GPO associated with it directly. This would be analogous to > how every machine has a GPO of its own. Suppose a button in the user > properties dialog to edit the GPO for that user. > > -- Ben Yep. A simple place in the properties of the account to link it to. Like we would put in an old logon script. That would be cleaner, easier to document and to figure out if you are the 'new' guy. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
