Hi Mario
You could always use a site policy to apply the user settings. Any user
that authenticates from the AD site X gets the user policy while any user
that authenticates in any other site does not. You could then put the
subnet with your Citrix server in a different site, use the Site coverage
settings to make your DC cover both sites and voila.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
|---------+---------------------------------->
| | "Rosales, Mario" |
| | <[EMAIL PROTECTED]> |
| | Sent by: |
| | [EMAIL PROTECTED]|
| | tivedir.org |
| | |
| | |
| | 11/12/2004 08:33 AM CST|
| | Please respond to |
| | ActiveDir |
|---------+---------------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]> |
| cc: (bcc: James Day/Contractor/NPS)
|
| Subject: RE: [ActiveDir] OU and Policies
|
>------------------------------------------------------------------------------------------------------------------------------|
So are you saying that cannot be done? Then how do you handle citrix
servers?
For example users logging into their computer should have the settings from
both policies but if they log into a Terminal type server, how do you
override that setting? Create an entire new User Policy?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Friday, November 12, 2004 8:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OU and Policies
Wow. Can you reword that? I think your saying that you have a user in one
OU, and a computer account in another with the policy blocked. You want to
know why user policy is being applied to a user using a computer that is in
an OU with blocked policy (now you have me doing it :), right?
Al
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rosales, Mario
Sent: Friday, November 12, 2004 9:06 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] OU and Policies
Ok have a question hopefully some of you out there could help me out.
We have
MAINOU->OU1
MAINOU->OU2 <-Block Policy Inheritance
MAINOUT-> USER POLICY (Lock Down ScreenSaver Setting) COMPUTER POLICY
MAINOUT-> (Other Policy Settings) Enforced
user1 in OU1
Computer1 in ou2
When user1 logs in - the settings of User Policy still apply.
Am I doing something wrong?
Hope that makes sense
Thanks,
Mario
***************************************************************************
The contents of this communication are intended only for the addressee and
may contain confidential and/or privileged material. If you are not the
intended recipient, please do not read, copy, use or disclose this
communication and notify the sender. Opinions, conclusions and other
information in this communication that do not relate to the official
business of my company shall be understood as neither given nor endorsed by
it.
***************************************************************************
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
***************************************************************************
The contents of this communication are intended only for the addressee and
may contain confidential and/or privileged material. If you are not the
intended recipient, please do not read, copy, use or disclose this
communication and notify the sender. Opinions, conclusions and other
information in this communication that do not relate to the official
business of my company shall be understood as neither given nor endorsed by
it.
***************************************************************************
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
