Using GPO to limit access

Secure Home | Search | About

Lost Password?

Microsoft Applications Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Using GPO to limit access

Jeff Richardson

08-04-2005

Re: Using GPO to limit access

Robert Moir

08-04-2005

RE: Using GPO to limit access

Joh

08-04-2005

Re: Using GPO to limit access

Roger Abell

08-05-2005

Posted by =?Utf-8?B?SmVmZiBSaWNoYXJkc29u on August 4, 2005, 4:25 am

If you were Registered and logged in, you could reply and use other advanced thread options

I'm familiar with basic concepts of GPO, however, can I use GPO and apply it
to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal
Server)

I found docuemntation to apply to a specific server but that seems to effect
everyone logging onto that server - I need it to apply only to 5 or 6 users
when they log onto one server only.

What procedure do I have to follow for a DC and / or a member server - I'm
assuming that if we need to configure a member server it has to be done via
Local Security policies ?

Regards
Jeff Richardson

Posted by Robert Moir on August 4, 2005, 3:03 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Jeff Richardson wrote:

> I'm familiar with basic concepts of GPO, however, can I use GPO and

> apply it to SPECIFIC users only when the log on to a SPECIFIC server

> (a Terminal Server)

> I found docuemntation to apply to a specific server but that seems to

> effect everyone logging onto that server - I need it to apply only to

> 5 or 6 users when they log onto one server only.

> What procedure do I have to follow for a DC and / or a member server

> - I'm assuming that if we need to configure a member server it has to

> be done via Local Security policies ?

GPOs apply to objects (users or computers) within an OU that you have
assigned to hold those objects.

Further, you can edit the properties of a GPO and control via the normal
Windows permissions dialogues who can do what with a GPO - including who can
apply it.

Posted by =?Utf-8?B?Sm9oYW4gU3RyYW5nZQ== on August 4, 2005, 5:39 pm

If you were Registered and logged in, you could reply and use other advanced thread options

I would create a security group and make these users members. Then create an
OU and put the TS in it (assuming that TS is not running on a DC). Create and
link your GPO to this OU and then give the security group apply groups policy
rights, and remove apply group policy rights from other users. That will do
the trick.....

"Jeff Richardson" wrote:

> I'm familiar with basic concepts of GPO, however, can I use GPO and apply it

> to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal

> Server)

> I found docuemntation to apply to a specific server but that seems to effect

> everyone logging onto that server - I need it to apply only to 5 or 6 users

> when they log onto one server only.

> What procedure do I have to follow for a DC and / or a member server - I'm

> assuming that if we need to configure a member server it has to be done via

> Local Security policies ?

> Regards

> Jeff Richardson

Posted by Roger Abell on August 5, 2005, 9:10 am

If you were Registered and logged in, you could reply and use other advanced thread options

In the GP documentation, look up how to use "loopback" processing,
as this is a classic case of where it may be used, in order to get some
user policy settings applied to specific users only when they have
logged into particular machines.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

> I'm familiar with basic concepts of GPO, however, can I use GPO and apply

> to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal

> Server)

> I found docuemntation to apply to a specific server but that seems to

effect

> everyone logging onto that server - I need it to apply only to 5 or 6

users

> when they log onto one server only.

> What procedure do I have to follow for a DC and / or a member server - I'm

> assuming that if we need to configure a member server it has to be done

via

> Local Security policies ?

> Regards

> Jeff Richardson

Similar Threads	Posted
Limit user access to server	August 12, 2005, 12:09 am
Limit Remote Control "shadowing" to Managers	June 20, 2007, 5:19 pm
Control time limit of cached credentials	July 2, 2008, 10:58 am
Limit domain user logon to a unique workstation	September 17, 2005, 7:18 pm
Security to limit creating new folders in shared network drive	September 7, 2005, 12:11 am
Unable to access officews shared folder with remote access VPN	July 5, 2005, 4:39 am
Re: How to allow Read only access to a folder but Write access to cont	January 22, 2008, 10:22 pm
How to allow Read only access to a folder but Write access to cont	January 22, 2008, 8:28 pm
Access is denied to some my folders. How to regain access?	June 17, 2005, 7:38 am
Allowing access to admin$ on NT4 -- getting "Access is Denied"	November 17, 2005, 12:01 pm

The site map in XML format XML site map