Group Policy Gurus Needed - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 03-29-2005, 01:27 PM   #1 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Post Group Policy Gurus Needed

I purchased a nice resource book last week (Using Windows XP, Platinum Edition) for pretty much the sole purpose of learning more about Group Policy, and this book had the most text available on the topic.

I'm off to a good start, and I can assign local policy, but what the book doesn't tell me (or at least it doesn't come right out and tell me directly) is how to assign local policy to a security template so that I can distribute the policy across Active Directory. It skips right to Security Templates and says "Policy can be applied in these templates." Per the book's instructions, I've dabbled in gpedit.msc and mmc and have yet to see anything that looks correct.

An excerpt: "Computer Configuration applies policy locally. User Configuration applies policy to ALL users on Active Directory."

Hence, I realize I can go to each computer and edit Computer Configuration individually, but how can I utilize Active Directory (Windows Server 2003) to make policy apply to a specific group? I see no option tabs in the group for which I wish to apply the policy.

Thanks in advance.
__________________

__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 03-29-2005, 01:30 PM   #2 (permalink)
Ultra Techie
 
Join Date: Jul 2004
Posts: 887
Default

i'm actually learning this group policy thing myself. have another thread where the guys have been really helpful, especially inaris.

maybe i need to get my hands on one of those books.
__________________

xotix is offline  
Old 03-29-2005, 02:09 PM   #3 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

Ok, I figured out how to apply policy through Active Directory groups.

DomainObject/Properties/GroupPolicy/Properties/Security
Apply Group Policy for desired groups/users.

Hooray for me. So scratch half of my first post, now I just have to make sure the policy I'm creating on the server can be exported to templates and installed on my clients. Help!

Edit: And if there's an easy way to run a logon script to make a window pop up and say something along the lines of "we are watching you" (but not in that exact wording of course) that would be great!
__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 03-29-2005, 04:16 PM   #4 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

The best resource I have on the topic of GPO's is in the Windows 2003 Deployment Kit. It's a set of 7 books that cover this stuff very well.
The best thing you can use is called a logon banner. It's seen after you press Ctrl, Alt, del and requires you to click ok to clear it. gives you the ability to fill in the details on what they can and can't do if you want...
here is the policy area you want...
Computer config, Windows settings, Local Policies, Security options:
Interactive Logon: Message Test for Users attempting to log on.
and
Interactive Logon: Message title for users attempting to log on.

That should do it for you.
Good luck
Inaris is offline  
Old 03-31-2005, 01:01 PM   #5 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

Thanks, Inaris! I found the Interactive Logon and applied the settings and it works properly. However, is there a way to have that popup come up AFTER logging in?

Edit: You know what? Scratch that. I think I'm going to leave that message there and post the School District's Computer Policy, that way the kids will have that message right there.

Also, it appears I'm having issues applying the Group Policy to certain groups/members on the domain. Although I changed the Policy's settings to "Apply Group Policy" to said members, it still appears that it is applying to everyone in the AD. Odd.
__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 03-31-2005, 03:00 PM   #6 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

*bumping, not finished yet*

Inaris, that policy is Computer Configuration so that means it's local, right? How can I get a local policy across the domain, as it were a User Configuration?
__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 04-01-2005, 02:44 PM   #7 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

it's applied to the workstations. not the users. so it's in effect for everyone...
Inaris is offline  
Old 04-01-2005, 04:47 PM   #8 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

Isn't that the other way around? I'd have to apply it to every workstation, instead of having the policy distributed through Active Directory, right?

So my next question would be, how do I put policy (user and computer policy) into a template and export it to the other computers? I messed around with the export option, but none of it seems to work.
__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Old 04-01-2005, 05:42 PM   #9 (permalink)
Master Techie
 
Join Date: Oct 2003
Posts: 2,258
Default

In ad, users and computers are just seen as same with different container template types. The template for the computers apply settings to the workstation. the settings for the users apply for the users. Workstation based policy effects all users that logon to workstations with that policy. So if a user logs onto a machine that doesn't have the Initial logon message applied to it, it won't be on that machine. You have to apply machine policies to the container with the machines in it.
Users policy effects those users with that policy on any machine they go to.
Does that make sense?
Inaris is offline  
Old 04-05-2005, 11:12 AM   #10 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 195
Default

That makes perfect sense. So how do I apply policy to said "containers?"

Do I use mmc to do that?
__________________

__________________
*\'Failure\' is not a four-letter word.
star_topology is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 06:26 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.