GPO only for admins

  • Thread starter Thread starter Jose Luis
  • Start date Start date
J

Jose Luis

Hello everybody,

Actually I have some policies in may domain with a hight level of
restriction because we have a lot of users in Citrix environment and I
would like to create a new policy only for administrator for deny some
policies (ie. Add, Delete programs, change registry, etc...)

The Default Policy Domain has "Authenticated users" and the
Administrators are "Authentecated users" too.

If I try out "Authentecated users" and only put "Domain Admins." the
policy doesn't work.

Any idea?

Thanks.
Jose Luis.
 
Hi

Do you mean using security filtering in the GPO or putting domain admins in a
particular OU and linking the policy there?

Have you run RSoP and GPresult,Gpupdate to see IF the policy is applied and
over written or just no t applied etc etc

Try creating a new GPO not editing the default domain policy .....same result?


Regards

S
 
Thank you for your answer.

Answering your questions:

The policies are for computers and not for users and I need to include
"Autenticated Users" in the policies because if I do not included this
users in the policy it is denied automatically and how the
Administrator. If I only inculded in the policy only "Domains Admins."
it is denied automatically.

Ie.
GPO 1 - "Autenticated Users" policy apply - Is running for all users.
GPO 2 - "Domain Admins" policy apply - Is denied for Admins.
GPO 3 - "Autenticated Users" deny and "Domain Users" aply - Is deny for
Admins

In the GPResult is denied.

Rgds,
Jose Luis.
If I create a new policy the result is the same.
 
In all security settings, Deny always takes precedence over any Allow
setting, so denying "Authenticated Users" means Allow Domain Users will be
ignored, since all Domain Users are automatically an "Authenticated User".

Computer Configuration settings are always applied to computers regardless
of who logs on.

User Configuration settings are applied to Users, not computers.

Please see http://support.microsoft.com/?kbid=231287 for how to use loopback
processing to have specific User Configuration settings applied when users
log on to particular computers. See Method 2 in
http://support.microsoft.com/?kbid=260370 for how to use loopback processing
for this purpose specifically for Terminal/Citrix servers.
 
Back
Top