Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

GPO Application

0 views
Skip to first unread message

Ben Roubicek

unread,
Dec 19, 2000, 3:37:30 PM12/19/00
to
Situation:
2 Domains. Domain A and Domain B. Bob's User Account (Bob) was created in
Domain A and resides in an OU, his office computer is attached to Domain B
(computer is Windows 2000 Pro), and is also in an OU. His network
administrator wants to apply a Group Policy on the account (or OU) ONLY when
he logs into Domain B. The same group policy would not take affect in the
domain A. The network administrator wants to apply the policy to the USER,
not the COMPUTER.

Question:
How do I apply a group policy on User "Bob" (or the OU) so that the policy
only is applied in Domain B and the actual location of the Group Policy also
resides in Domain B, and the Account resides in Domain A. make sense?

If someone needs more clarifiaction, i would be happy to offer more.
--
Ben J. Roubicek
Database Administrator / Web Developer
Student Computing Services
Information Technology
Washington State University
Work: (509)335-0605
Pager: (509)334-5056

Roger Abell

unread,
Dec 20, 2000, 9:44:44 AM12/20/00
to
This could be done with loopback processing by a GPO on the OU of
Domain B that contains the machine, with the GPO filtered to apply to
a group that contains the user. Not enough info is given to see whether
merge or replace processing would be used in the loopback processing.
However, IMO, use loopback only where a structural choice can not
be found that allows a more maintainable GPO design.

"Ben Roubicek" <ra...@wsu.edu> wrote in message
news:#l1TDufaAHA.896@tkmsftngp02...

Ben Roubicek

unread,
Dec 21, 2000, 3:23:16 PM12/21/00
to
have you put this concept into practice?

in other words, does the loopback work when links to users and groups from
different domains are involved?

--
Ben J. Roubicek
Database Administrator / Web Developer
Student Computing Services
Information Technology
Washington State University
Work: (509)335-0605
Pager: (509)334-5056

"Roger Abell" <ab...@asu.edu> wrote in message
news:ubwTdLpaAHA.1564@tkmsftngp03...

Roger Abell

unread,
Dec 22, 2000, 10:04:29 AM12/22/00
to
Tested it, yes. Put into practice, no. It is rather messy.
However, it is the solution for such as desktop control that
is independent of the user (kiosk like), or for preventing
travelling users from triggering unwelcome desktop config
when logging in at other than their normal site/domain.
Having uses/machines from differing domains involved does not
cause much difference, unless you start linking GPOs across
domain boundaries (performance).

"Ben Roubicek" <ra...@wsu.edu> wrote in message

news:#Clbcv4aAHA.1960@tkmsftngp05...

0 new messages