Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I apply user gp's depending on location?

Status
Not open for further replies.
Toxie

Toxie

IS-IT--Management
Nov 1, 2002
6
GB
This may sound stupid, But stay with me.

I work in a college and we have a number of open access areas. I need to restrict the machine/user with GPO's in those areas only. However, I can only apply user settings for the User OU's I have created and not the Room OU's.

For example in room F4 they can use IE and the Run command but in Room B37 they can't. These restrictions are under the user configuration of the GPO.

Is there anyway of doing this? So basically I want the User GP to be machine dependant.

Regards

Toxie
 
Sort by date Sort by votes
I've done that for the Computer Configuration part of the policy but it won't apply the user part as the users are not in that OU.

Thanks for trying though.
 
Upvote 0 Downvote
this may be an option to explore

use a LOCAL group policy on the PC you want to place restrictions on (eg removing the run command)

Then ensure the "no override" option is selected (this will stop) higher level gps from overwriting it
 
Upvote 0 Downvote
Cool, that works. But, how to distribute it to 2.5k machines. Shall I just copy the pol file from SystemRoot\System32\GroupPolicy\User to the other machines?
 
Upvote 0 Downvote
not sure

the above example i explained is meant to be used for a few pcs etc in a public library, internet cafe etc

a better way may be like this

create an OU called students
create an OU called Staff or teachers

apply a GPo (user based) on students to restrict their desktop regardless of whatever pc they log onto
apply a different GPO (user based) on staff giving them more access

If you need a pc to have no restrictions then apply a local policy with no overide (loopback processing may also prove to be of help)

the design of the active directory is important from the start and does not have to necessarily map to the organisation heirachy

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
266
DrB0b
DrB0b
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
96
penguinroundup
penguinroundup
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
454
gbaughma
gbaughma
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
144
technome
technome

Part and Inventory Search

Sponsor

Back
Top