Loopback Policy

[James]

Is there a way to prevent Admins from being affected
by loopback policy when loging on to a machine that is
located in OU that is configured with Loopback GPO? I
disabled Control Pannel etc for all users who log on to
those machines, but I don`t want Admins to get these
settings.

Thanks

 

[Gary]

I think this should work.

Dont give the Admin account allow permission on Apply
Group Policy for that GPO.

 

[Steven L Umbach]

You will have to give the Admins "deny " permissions on the apply,
because they also have apply permissions by being a member of the users
group. --- Steve

 

[Steven Umbach]

I agree. Filtering should be used sparingly, if at all as it can be a
really difficult thing to troubleshoot - especially when the person who did not
implement it is the one trying to figure things out. In general I do not like to
use deny permissions. Many do not realize that in ntfs permissions an explicit
allow overrides an inherited deny. When a user or group is not included in any
permissions it is an implicit deny permission. --- Steve