| Author | Messages | |
netman06
Posts:9
 | | 08/25/2010 4:18 AM |
| Hello,
I need help with understanding one concept about security filtering.
I need to have a gpo applied to only one computer, with a OU with many
other computers.
So, I created a security group, then placed the one computer into that
security group.
Next, created a test gpo, added my security group with the one
computer, into the security filter section.
This is where the trouble for me come into play.
Do you remove authenticated users, or leave it.
because it does not seem to work correctly without it.
So if the answer is leave it, then why would you put the security
group with the one computer too.
Because the gpo is pointed at the computer configuration and not the
user configuration.
I also tried removing the read and apply gpo from the authenticated
users, it just removed it altogether.
Need help,
Thanks,
| | | |
| dmarelia
Posts:394
| | 08/25/2010 4:21 AM |
| Mike-
If you want to target one computer,then you would need to remove Authenticated Users from Security Filtering and only include the group containing your computer account. Keep in mind that if you added the computer account to the group recently, then the computer may need to be rebooted to pick up the new group membership.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Mike Smith
Sent: Tuesday, August 24, 2010 8:15 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] GPO Security Filtering Question
Hello,
I need help with understanding one concept about security filtering.
I need to have a gpo applied to only one computer, with a OU with many
other computers.
So, I created a security group, then placed the one computer into that
security group.
Next, created a test gpo, added my security group with the one
computer, into the security filter section.
This is where the trouble for me come into play.
Do you remove authenticated users, or leave it.
because it does not seem to work correctly without it.
So if the answer is leave it, then why would you put the security
group with the one computer too.
Because the gpo is pointed at the computer configuration and not the
user configuration.
I also tried removing the read and apply gpo from the authenticated
users, it just removed it altogether.
Need help,
Thanks,
| | | |
| dougdelaney
Posts:43
| | 08/25/2010 4:33 AM |
| Darren and Mike,
Correct,
The Authenticated Users group contains ALL Domain Users and Domain Computers that have "authenticated" (logged on), so they by default become members of this group, and groups like Everyone.
When you remove a group from GPO permissions, turn off inheritance, and ensure you "copy" permissions versus remove, so you can adjust accordingly and leave the correct permissions on the GPO for your end result - so as not to creat future SYSVOL permissions issues.
Doug Delaney
Technology Consultant III
Americas Regional Deliver Engineering
HP Enterprise Services
Telephone +1 248.365.9187
Mobile +1 248.210.4973
Email xxxxxxxxxxxxxxxx
985 W. Entrance Dr., 2A / Auburn Hills, MI 48326
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: Tuesday, August 24, 2010 11:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] GPO Security Filtering Question
Mike-
If you want to target one computer,then you would need to remove Authenticated Users from Security Filtering and only include the group containing your computer account. Keep in mind that if you added the computer account to the group recently, then the computer may need to be rebooted to pick up the new group membership.
Darren
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Mike Smith
Sent: Tuesday, August 24, 2010 8:15 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] GPO Security Filtering Question
Hello,
I need help with understanding one concept about security filtering.
I need to have a gpo applied to only one computer, with a OU with many
other computers.
So, I created a security group, then placed the one computer into that
security group.
Next, created a test gpo, added my security group with the one
computer, into the security filter section.
This is where the trouble for me come into play.
Do you remove authenticated users, or leave it.
because it does not seem to work correctly without it.
So if the answer is leave it, then why would you put the security
group with the one computer too.
Because the gpo is pointed at the computer configuration and not the
user configuration.
I also tried removing the read and apply gpo from the authenticated
users, it just removed it altogether.
Need help,
Thanks,
| | | |
| netman06
Posts:9
| | 08/26/2010 12:42 PM |
| Thank You for your help!.
Mike
On Tue, Aug 24, 2010 at 9:21 PM, Darren Mar-Elia <xxxxxxxxxxxxxxxx> wrote:
> Mike-
> If you want to target one computer,then you would need to remove Authenticated Users from Security Filtering and only include the group containing your computer account. Keep in mind that if you added the computer account to the group recently, then the computer may need to be rebooted to pick up the new group membership.
>
> Darren
>
> -----Original Message-----
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Mike Smith
> Sent: Tuesday, August 24, 2010 8:15 PM
> To: xxxxxxxxxxxxxxxx
> Subject: [gptalk] GPO Security Filtering Question
>
> Hello,
>
> I need help with understanding one concept about security filtering.
>
> I need to have a gpo applied to only one computer, with a OU with many
> other computers.
>
> So, I created a security group, then placed the one computer into that
> security group.
>
> Next, created a test gpo, added my security group with the one
> computer, into the security filter section.
>
> This is where the trouble for me come into play.
>
> Do you remove authenticated users, or leave it.
>
> because it does not seem to work correctly without it.
>
> So if the answer is leave it, then why would you put the security
> group with the one computer too.
>
> Because the gpo is pointed at the computer configuration and not the
> user configuration.
>
> I also tried removing the read and apply gpo from the authenticated
> users, it just removed it altogether.
>
> Need help,
>
> Thanks,
>
>
| | | |
|
|