Computer based group policy

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I would like to create a computer based policy to customize start menu and
desktop icons for Windows XP users. I know you can do this via a user-based
GPO, but the computers that I need to apply these lockdown group policy
features to are autologin pcs that log into the local worksation, but are
members of a 2003 domain so therefore I need a computer based policy. If
this can't been done via GP, are there other ways. I need to do things like
create a policy that will allow no icons on desktop and nothing on the start
menu.
Thank you.
 
Howdie!

gsmith@gbmc said:
I would like to create a computer based policy to customize start menu and
desktop icons for Windows XP users. I know you can do this via a user-based
GPO, but the computers that I need to apply these lockdown group policy
features to are autologin pcs that log into the local worksation, but are
members of a 2003 domain so therefore I need a computer based policy. If
this can't been done via GP, are there other ways. I need to do things like
create a policy that will allow no icons on desktop and nothing on the start
menu.
Click to expand...

You can do that with "loopback":
http://www.frickelsoft.net/blog/?p=22

cheers,

Florian
 
Thank you. I tried the Loopback policy prior to this posting but maybe I was
doing something wrong. I created an OU called test and then put one computer
in that group that I want the policy applied. I then configured a user based
GPO for the desktop settings on the test OU. I then created enabled loopback
in computer configuration in merge mode on the test OU.

When I go to the computer that is in the TEST OU and log in locally, the
desktop settings that I have created in the GPO do not apply. Am I missing a
step?
 
I did that prior to the posting but maybe I missed a step. I created a Test
OU and then moved a computer account into that Test OU. I created a GPO with
specific desktop settings in user configuration and applied it to the Test
OU. I then enabled Loopback in computer configuration under the Test OU.

When I go to the pc that is in the Test OU and log on locally using an
autologin account, it does not apply the group policy. These computers
autologin locally with an account that does not exisit in AD.
 
Howdie!

gsmith@gbmc said:
Thank you. I tried the Loopback policy prior to this posting but maybe I was
doing something wrong. I created an OU called test and then put one computer
in that group that I want the policy applied. I then configured a user based
GPO for the desktop settings on the test OU. I then created enabled loopback
in computer configuration in merge mode on the test OU.
Click to expand...

When loopback is enabled, the "user configuration" settings that are
configured with the computer's OU will replace or merge with the
settings the user gets applied from his/her OUs.

You need to make those desktop settings on the test OU you created the
computer account in.

cheers,

Florian
 
Are both the user and computer sections of the GP enabled (must be)?
Did you change the security group filtering (not needed/wanted
for your scenario)?
 
Back
Top