Lookback GPO's and novel Users

  • Thread starter Thread starter Glenn M
  • Start date Start date
G

Glenn M

I have a computer GPO that performs lookback processing so that any
users that logon to the machines have their startmenu confiscated and
run commannds removed etc..

this is great when domain users logon , the loopback works great

however when users logon through a novel client they obviously dont
get the policy and they have full access..

these user have not got AD accounts so they are effectivley loging in
locally to the box which itself is a domain member.

Is there any way i can get this lookback user policy to these users so
they can't bypass my policy.
 
(e-mail address removed) (Glenn M) said
I have a computer GPO that performs lookback processing so that any
users that logon to the machines have their startmenu confiscated and
run commannds removed etc..

this is great when domain users logon , the loopback works great

however when users logon through a novel client they obviously dont
get the policy and they have full access..

these user have not got AD accounts so they are effectivley loging in
locally to the box which itself is a domain member.

Is there any way i can get this lookback user policy to these users so
they can't bypass my policy.
Click to expand...

If they are not logging into AD the only way I can think of doing it would be
through a local policy on the machines in question.
 
i supose i could copy now a new registry.pol to %windir%\system32\grou
policy\user and increment the local user policy serial number.

would be a bit dirty but would do the trick.
 
Back
Top