SBS 2003 GPO setting exclusion

Discussion in 'Windows Small Business Server' started by Jim, Aug 10, 2010.

  1. Jim

    Jim Guest

    http://www.experts-exchange.com/Sof...tanding-Group-Policy-Loopback-Processing.html

    Getting closer ?

     
    Jim, Aug 13, 2010
    #21
    1. Advertisements

  2. Jim

    Jim Guest

    http://www.petri.co.il/forums/showthread.php?t=7184

    ...along similar lines I guess ?

     
    Jim, Aug 13, 2010
    #22
    1. Advertisements

  3. Jim

    Kerry Brown Guest

    I'm not sure where you're going wrong. Group Policy and especially loopback
    processing is one of those learning curves where it seems impossible then
    all of a sudden a light turns on and it all makes sense. Have you used the
    gpresult.exe tool to see what policies are being applied?

    http://www.microsoft.com/windowsxp/using/setup/expert/gpresults.mspx

    --
    Kerry Brown
    MS-MVP - Windows Desktop Experience: Systems Administration
    http://www.vistahelp.ca/phpBB2/


     
    Kerry Brown, Aug 14, 2010
    #23
  4. Jim

    Jim Guest

    I know what you mean ;-)

    Yes, am using gpresult





     
    Jim, Aug 14, 2010
    #24
  5. Jim

    Jim Guest

    OK, I think that I have cracked it...

    So, just in case anyone else has the same problem here is what I have done,
    please feel free to correct me if you feel that I have made any glaring
    errors.

    We start with the 'Small Business Server Client Computer Policy'

    Then edit thus:

    Small Business Server Client Computer Policy

    Computer Configuration

    Administrative Templates
    Control Panel
    Display
    Screensaver
    Enabled
    sspipes.scr
    900secs

    This is the default screensaver we want all the domain PC's to use.
    Check this is working, OK.





    Then make a new OU in Active Directory called 'Public Computer OU'.

    Move the public computer, PC4 or whatever, that we want the different
    screensaver settings to apply to into that OU.

    All other domain PC's stay in their original OU.


    Then create a new 'Global Security Group' called 'Public Computer Security
    Group'

    Add 'Domain Users' into this security group (as any of the network users
    might\could logon to the Public Computer)


    Next Create and Link a new GPO called 'Public Computer Policy' linked to the
    'Public Computer OU'.

    Then remove 'Authenticated Users' from the 'Security Filtering' and add the
    'Public Computer Security Group' and also the computer account for 'PC4'

    Then in 'Public Computer Policy' GPO edit accordingly:

    Computer Configuration

    Administrative Templates
    System
    Group Policy
    User Group Policy loopback processing mode
    Enabled
    Merge (or Replace)


    User Configuration

    Administrative Templates
    Control Panel
    Display
    Screensaver
    Enabled
    ssmarque.scr
    120secs



    Gpupdate /force on the server

    Shut down and reboot domain PC's and also public computer PC4

    Log back onto domain PC's, they have sstars.scr screensaver

    Log onto PC4 it now has ssmarque.scr screennsaver !

    Sorted.

    Obviously this being a computer in a managed reception area I'm going to
    lock a lot more things down and setup a specific account for general use.
    It's not really a public computer as such.

    Now to have a little look at the Merge/Replace and see what that brings to
    the table.
    Like you said, once you play with it long enough it just sort of clicks.

    Thanks for everyones input, I'll have a look at the newer Group Policy
    Preferences soon as I get a moment.

    Jim.

     
    Jim, Aug 14, 2010
    #25
  6. Jim

    Kerry Brown Guest

    Glad to hear you got it sorted.

    --
    Kerry Brown
    MS-MVP - Windows Desktop Experience: Systems Administration
    http://www.vistahelp.ca/phpBB2/




     
    Kerry Brown, Aug 15, 2010
    #26
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.