Using GPO to limit access

TheMSsForum.com: The Microsoft Software Forum

I'm familiar with basic concepts of GPO, however, can I use GPO and apply it
to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal
Server)

I found docuemntation to apply to a specific server but that seems to effect
everyone logging onto that server - I need it to apply only to 5 or 6 users
when they log onto one server only.

What procedure do I have to follow for a DC and / or a member server - I'm
assuming that if we need to configure a member server it has to be done via
Local Security policies ?

Regards
Jeff Richardson
Top

Re: Using GPO to limit access by Robert

Robert
Thu Aug 04 14:03:58 CDT 2005

Jeff Richardson wrote:
> I'm familiar with basic concepts of GPO, however, can I use GPO and
> apply it to SPECIFIC users only when the log on to a SPECIFIC server
> (a Terminal Server)
>
> I found docuemntation to apply to a specific server but that seems to
> effect everyone logging onto that server - I need it to apply only to
> 5 or 6 users when they log onto one server only.
>
> What procedure do I have to follow for a DC and / or a member server
> - I'm assuming that if we need to configure a member server it has to
> be done via Local Security policies ?

GPOs apply to objects (users or computers) within an OU that you have
assigned to hold those objects.

Further, you can edit the properties of a GPO and control via the normal
Windows permissions dialogues who can do what with a GPO - including who can
apply it.


Top

RE: Using GPO to limit access by JohanStrange

JohanStrange
Thu Aug 04 16:39:52 CDT 2005

I would create a security group and make these users members. Then create an
OU and put the TS in it (assuming that TS is not running on a DC). Create and
link your GPO to this OU and then give the security group apply groups policy
rights, and remove apply group policy rights from other users. That will do
the trick.....

"Jeff Richardson" wrote:

> I'm familiar with basic concepts of GPO, however, can I use GPO and apply it
> to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal
> Server)
>
> I found docuemntation to apply to a specific server but that seems to effect
> everyone logging onto that server - I need it to apply only to 5 or 6 users
> when they log onto one server only.
>
> What procedure do I have to follow for a DC and / or a member server - I'm
> assuming that if we need to configure a member server it has to be done via
> Local Security policies ?
>
> Regards
> Jeff Richardson
Top

Re: Using GPO to limit access by Roger

Roger
Fri Aug 05 08:08:12 CDT 2005

Not quite.
You also need to set the new GPO which uses security group filtering
(that sets the TS server and the custom group of users up to apply the
GPO) to use loopback processing.
Without loopback the GPO will only apply to objects in the OU,
which the User objects are not.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Johan Strange" <JohanStrange@discussions.microsoft.com> wrote in message
news:6DAD3DC3-1424-4712-9327-978E3D732592@microsoft.com...
> I would create a security group and make these users members. Then create
an
> OU and put the TS in it (assuming that TS is not running on a DC). Create
and
> link your GPO to this OU and then give the security group apply groups
policy
> rights, and remove apply group policy rights from other users. That will
do
> the trick.....
>
> "Jeff Richardson" wrote:
>
> > I'm familiar with basic concepts of GPO, however, can I use GPO and
apply it
> > to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal
> > Server)
> >
> > I found docuemntation to apply to a specific server but that seems to
effect
> > everyone logging onto that server - I need it to apply only to 5 or 6
users
> > when they log onto one server only.
> >
> > What procedure do I have to follow for a DC and / or a member server -
I'm
> > assuming that if we need to configure a member server it has to be done
via
> > Local Security policies ?
> >
> > Regards
> > Jeff Richardson


Top

Re: Using GPO to limit access by Roger

Roger
Fri Aug 05 08:10:05 CDT 2005

In the GP documentation, look up how to use "loopback" processing,
as this is a classic case of where it may be used, in order to get some
user policy settings applied to specific users only when they have
logged into particular machines.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Jeff Richardson" <JeffRichardson@discussions.microsoft.com> wrote in
message news:6034ED3E-439C-4BA3-BA26-85920AAEF5BD@microsoft.com...
> I'm familiar with basic concepts of GPO, however, can I use GPO and apply
it
> to SPECIFIC users only when the log on to a SPECIFIC server (a Terminal
> Server)
>
> I found docuemntation to apply to a specific server but that seems to
effect
> everyone logging onto that server - I need it to apply only to 5 or 6
users
> when they log onto one server only.
>
> What procedure do I have to follow for a DC and / or a member server - I'm
> assuming that if we need to configure a member server it has to be done
via
> Local Security policies ?
>
> Regards
> Jeff Richardson


Top