Remove Add or Remove Programs GPO Question

Discussion in 'Active Directory' started by Cliff, Dec 7, 2006.

  1. Cliff

    Cliff Guest

    I am trying to enable the "User Configuration\Administrative
    Templates\Control Panel\Add or Remove Programs\Remove Add or Remove
    Programs" GPO but with the following stipulations:

    Authenticated Users - Apply
    Domain Admins - Deny
    Desktop computers - Apply
    Laptop computers - Deny

    I have created an OU with the desktop computer accounts and an OU with the
    laptop computer accounts and placed computer accounts appropriately. When
    linking the GPO to the Desktops OU it is not applied, most likely because
    this is a User Configuration GPO being applied to computer accounts.

    Scenario 1
    Domain.com
    |----Desktops OU
    |----Add/Remove Programs GPO
    Authenticated Users - Allow Apply Group Policy
    Domain Admins - Deny Apply Group Policy

    I have also created Laptop and Desktop groups and placed the computer
    accounts in the groups appropriately. I have tried linking the GPO to the
    domain and applying the Deny permission to the Domain Admins and the Laptops
    groups. In this scenario the GPO is applied to all computer accounts
    including those in the Laptops group.

    Scenario 2
    Domain.com
    |----Add/Remove Programs GPO
    Authenticated Users - Allow Apply Group Policy
    Domain Admins - Deny Apply Group Policy
    Laptops - Deny Apply Group Policy

    Is there any way to accomplish both sets of goals?

    Thanks,
    Cliff
     
    Cliff, Dec 7, 2006
    #1