Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

policy on specific computer

Status
Not open for further replies.
grobbu

grobbu

Programmer
Jun 25, 2002
40
BE
Hello,

I have a domain with a windows 2003 server. Some accounts, some policies. This all works.

But there are four latops being used 'on the road'... Is it possible to apply certain policies to these laptops (like hiding control panel, shutdow button, no ie). These policies need to be applied no matter who logs in....

So if a user logs in on a 'normal' pc all looks normal. If he logs on to one of the four 'on the road' laptops with same user/passw some extra policies need to be applied.

I already made an extra org. unit 'on the road'. but things like 'hide control' panel i can't apply with computer policies...

any help?
tx bazz
 
Sort by date Sort by votes
Now this is only from personal experience, mind you...
If the policy is applied domain wide it should affect all computers on the domain to which the policy apply (ie those machines "on the road"). However, the policy would only be applied if they logged in directly to the domain (ie logging into domain AFTER they connect to VPN [Cisco VPN supports this]). If they are just VPN'd into the domain after login, the policies don't take effect as they don't go through the normal script and GPO pushes unless the policy if forced.
At least that is how I understand it...

cckens

"Not always my best shot, but I hit the target now and then"
-me
 
Upvote 0 Downvote
ok you got it right for setting the policy at the OU level. What you need to then do is enable loppback in the policy with the replace option. That should allow any user who logs onto the box to get the user settings from the laptops OU policy.
however, as mentioned, they HAVE to log onto the domain in order to apply this policy. The policy WILL apply over VPN as long as ICMP, SMB, and DNS ports are opened to the DC. If you have VPN client set to start before logon, this occurs at logon...otherwise, as mentioned, gpupdate /force after VPNing in is the only option.

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 
Upvote 0 Downvote
tx for help
the loopback setting worked!

I already tried it before but didn't restart the client pc. I tought log off and log in was enough to aply new settings.
so most important thing i learned
always gpupdate /force and restart client

 
Upvote 0 Downvote
for xp, it actually takes 2 logoffs/logons to apply policy fully, even after a gpupdate force. it can also take 1-2 reboots for some computer settings to apply. since loopback can be user or computer setting, a reboot is usually needed on the client side.

glad u got it working :)

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
99
mikehook
mikehook
lacked
  • Locked
  • Question
problem with windows update on windows server 2016
Replies
1
Views
96
maybeimaleo
maybeimaleo
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
116
StevenFromSouth
StevenFromSouth
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
102
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top