how do 2 users get different sets of policies

[K. Abit]

I'm new to active directory. I have a book but now clear on:

If user A is an administrator of sorts, and user B is a limited user on the
network, then obviously A should not have policies that prevent things like
accessing a floppy drive, but user B should have pretty tight policies.

But nowhere do I see examples or how to have 2 policies and bind user A to
one policy and user B to another. Is that not how this is typically done?
How do I do this simple thing, or please suggest the better way if there is
one.

 

[Jorge de Almeida Pinto [MVP - DS]]

if both users and in separate OUs, create a GPO for each OU and link the GPO
to its corresponding OU. Configure the settings of each GPO accordingly

if both users are in the same OU, create again two GPOs (GPO-A and GPO-B)
link them to the OU with both accounts and use security filtering.
On both GPOs you remove authenticated users with read and apply
On one GPO you configure userA with read and apply --> GPO-A will target
UserA
On the other GPO you configure userB with read and apply --> GPO-B will
target UserB

This is just an exmaple. but when using security filtering it is a best
practice to use groups to assign read and apply compared to configuring
individual user accounts

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[K. Abit]

Thanks but what do I click to create a new GPO?

And what do I click to remove authenticated users with read and apply?


"Jorge de Almeida Pinto [MVP - DS]"

 

[Jorge de Almeida Pinto [MVP - DS]]

to manage GPOs you can use the GPMC. you need to download it first

my suggestion is to start reading the following for a better understanding:
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx
http://technet2.microsoft.com/windo...4839-40f2-8892-ccf670f5a27a1033.mspx?mfr=true

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

Thanks but what do I click to create a new GPO?

And what do I click to remove authenticated users with read and apply?


"Jorge de Almeida Pinto [MVP - DS]"

if both users and in separate OUs, create a GPO for each OU and link the
GPO to its corresponding OU. Configure the settings of each GPO
accordingly

if both users are in the same OU, create again two GPOs (GPO-A and GPO-B)
link them to the OU with both accounts and use security filtering.
On both GPOs you remove authenticated users with read and apply
On one GPO you configure userA with read and apply --> GPO-A will target
UserA
On the other GPO you configure userB with read and apply --> GPO-B will
target UserB

This is just an exmaple. but when using security filtering it is a best
practice to use groups to assign read and apply compared to configuring
individual user accounts

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[K. Abit]

THANK YOU!

"Jorge de Almeida Pinto [MVP - DS]"

to manage GPOs you can use the GPMC. you need to download it first

my suggestion is to start reading the following for a better
understanding:
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx
http://technet2.microsoft.com/windo...4839-40f2-8892-ccf670f5a27a1033.mspx?mfr=true

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

Thanks but what do I click to create a new GPO?

And what do I click to remove authenticated users with read and apply?


"Jorge de Almeida Pinto [MVP - DS]"

if both users and in separate OUs, create a GPO for each OU and link the
GPO to its corresponding OU. Configure the settings of each GPO
accordingly

if both users are in the same OU, create again two GPOs (GPO-A and
GPO-B) link them to the OU with both accounts and use security
filtering.
On both GPOs you remove authenticated users with read and apply
On one GPO you configure userA with read and apply --> GPO-A will target
UserA
On the other GPO you configure userB with read and apply --> GPO-B will
target UserB

This is just an exmaple. but when using security filtering it is a best
practice to use groups to assign read and apply compared to configuring
individual user accounts

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
I'm new to active directory. I have a book but now clear on:

If user A is an administrator of sorts, and user B is a limited user on
the network, then obviously A should not have policies that prevent
things like accessing a floppy drive, but user B should have pretty
tight policies.

But nowhere do I see examples or how to have 2 policies and bind user A
to one policy and user B to another. Is that not how this is
typically done? How do I do this simple thing, or please suggest the
better way if there is one.