GPO Based on Machine possible?

K

Kardon Coupé

Dear All,

I've got a nice working GPO setup, but one of the settings hides/disabled
certain drives on a machine, but I would like this user to be able to access
another machine which has a different set up of drives, hence the GPO
doesn't work on that machine (well it does activate, but looks wrong).

Is there a way of have a GPO that is Machine Dependant, so I can have the
right drives disabled on the right machine?

Regards
Paul.
 
K

Kardon Coupé

By reading that that seems to imply that the settings apply to 'Any' user
who logs onto the machine, I'm only wanting it to affect a particular user?
or am I reading that wrong?
 
M

Mark Heitbrink [MVP]

Hi,
By reading that that seems to imply that the settings apply to 'Any' user
who logs onto the machine,
Click to expand...

Yes, in the first step, if read/apply is given to "authenticated users"
I'm only wanting it to affect a particular user?
Click to expand...

You can filter the GPO with security settings.
Remove Auth.Users and give read/apply only to the computeraccount and the
specific user or usergroup.

Mark
 
K

Kardon Coupé

Mark,
You can filter the GPO with security settings.
Remove Auth.Users and give read/apply only to the computeraccount and the
specific user or usergroup.
Click to expand...

I do understand what your meaning/saying, but I can't seem to achieve the
result required, when I add Machine 1 to the GPO1, it applies on the Machine
1, and doesn't Apply on Machine 2, so I created another script, and
technically reveresed my requirements, to work on Machine 2, and not on
Machine 1, but the GPO2 doesn't run..Do you think they are causing problems
with each other?
 
K

Kardon Coupé

Mark,

Just another addition to this current thread, the only way I can get GPO's
to apply is by having "Authenticated Users" in the Security tab :-(

Any other tips?

Regards
Paul
 
M

Mark Heitbrink [MVP]

Hi,
Just another addition to this current thread, the only way I can get GPO's
to apply is by having "Authenticated Users" in the Security tab :-(
Click to expand...

Then I think, your object is not in the scope of your GPO and you are
trying to apply GPOs only to securitygroups, but mention, that
filtering by securitygroup is only an optional setting.
You object must be in the scope.

an example which doesn´t work:
- OU "My Users"
- linked GPO "settings for my users"
inside this OU is only a security group ... no object -> no efect.

The way filtering works, no matter, where the security group is stored,
the group can be placed anywhere ...
- OU "My Users"
- User1, Memberof HR
- User2, Memberof Finance
- linked GPO "settings for HR", filtered by SecGroup HR (read/apply)
- linked GPO "settings for Finance", filtered by SecGroup Finace

User1 will be in the scope of "Settings for finance" but it is filtered,
the object has not the permission to read and apply, so the only GPO that
will be taken is "settings for HR"

Mark
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO IE Zone Mapping issue on TS 2
Some parts of Windows 2008 GPO not applied for some users 1
GPO not applying 1
Export GPO Settings? 5
Would Like Only to Display Shared Drive. 1
Applying group policy based on machine... 7
GPO Status: question 2
Proxy settings per machine..? 2

Top