Need computer help

thrasherfox

BUSA
Donating Member
Registered
Ok, here is the scenario.

I have not worked with Active directory much, was never a need, now I have a need.


I have created a Domain group policy and inserted am administrative template that allows me to disable removable media.

I also created a domain security group in hopes to tie the group policy into the security group so I can easily manage who may and may not user removable media.


How do I tie the newly created domain group policy so that only the users in the domain security group are affected by the group policy?
 
are you trying to disable access to removable media at individual workstations allowing access only to specific users? or is this on just a single machine?
 
are you trying to disable access to removable media at individual workstations allowing access only to specific users? or is this on just a single machine?
I have a network of computers that I wish to disable access to all removebale media to most users with only a handfull of people have the ability to use removebale media.


I have applied this template to individual workstations and it works great, however it affects the workstation not the individual user.

I want to utilize active directory so I can control access in regards to individual users, not computers.
 
Ron -

I would make sure that you create a separate policy for just this; don't use default domain policy, etc.

Create the policy, call it something like 'Disable Removable Media' or something descriptive.
Make the necessary change(s).
Now, back at the Group Policy tab, select the policy and click 'Properties'.
Click on the Security Tab.
First, look at the permissions that are assigned. You will probably notice that 'Authenticated Users' has 'Apply Group Policy' set.
If this policy is only going to affect certain user accounts, REMOVE 'Authenticated Users' from the security context - otherwise EVERY user will get the policy applied.
Add the group you created for this policy and give it Read and Apply Group Policy permissions.
Click OK to apply.
Let the GP propagate to all your Domain Controllers.

Force the Group Policy to update on the end user stations:

Windows 2000: secedit /refreshpolicy user_policy
Windows XP/2003: gpupdate /force


Give that a shot.
 
may have to disable the local policy you set at the workstations when you are done with the domain policy
 
Domain Group Policy will override anything set on the local workstation.
 
Ron -

I would make sure that you create a separate policy for just this; don't use default domain policy, etc.  

Create the policy, call it something like 'Disable Removable Media' or something descriptive.
Make the necessary change(s).
Now, back at the Group Policy tab, select the policy and click 'Properties'.
Click on the Security Tab.
First, look at the permissions that are assigned.  You will probably notice that 'Authenticated Users' has 'Apply Group Policy' set.
If this policy is only going to affect certain user accounts, REMOVE 'Authenticated Users' from the security context - otherwise EVERY user will get the policy applied.
Add the group you created for this policy and give it Read and Apply Group Policy permissions.
Click OK to apply.
Let the GP propagate to all your Domain Controllers.

Force the Group Policy to update on the end user stations:

Windows 2000:  secedit /refreshpolicy user_policy
Windows XP/2003:  gpupdate /force


Give that a shot.
PM sent
biggrin.gif
 
Back
Top