Hi Mario You could always use a site policy to apply the user settings. Any user that authenticates from the AD site X gets the user policy while any user that authenticates in any other site does not. You could then put the subnet with your Citrix server in a different site, use the Site coverage settings to make your DC cover both sites and voila.
Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |---------+----------------------------------> | | "Rosales, Mario" | | | <[EMAIL PROTECTED]> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 11/12/2004 08:33 AM CST| | | Please respond to | | | ActiveDir | |---------+----------------------------------> >------------------------------------------------------------------------------------------------------------------------------| | | | To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] OU and Policies | >------------------------------------------------------------------------------------------------------------------------------| So are you saying that cannot be done? Then how do you handle citrix servers? For example users logging into their computer should have the settings from both policies but if they log into a Terminal type server, how do you override that setting? Create an entire new User Policy? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, November 12, 2004 8:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OU and Policies Wow. Can you reword that? I think your saying that you have a user in one OU, and a computer account in another with the policy blocked. You want to know why user policy is being applied to a user using a computer that is in an OU with blocked policy (now you have me doing it :), right? Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rosales, Mario Sent: Friday, November 12, 2004 9:06 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] OU and Policies Ok have a question hopefully some of you out there could help me out. We have MAINOU->OU1 MAINOU->OU2 <-Block Policy Inheritance MAINOUT-> USER POLICY (Lock Down ScreenSaver Setting) COMPUTER POLICY MAINOUT-> (Other Policy Settings) Enforced user1 in OU1 Computer1 in ou2 When user1 logs in - the settings of User Policy still apply. Am I doing something wrong? Hope that makes sense Thanks, Mario *************************************************************************** The contents of this communication are intended only for the addressee and may contain confidential and/or privileged material. If you are not the intended recipient, please do not read, copy, use or disclose this communication and notify the sender. Opinions, conclusions and other information in this communication that do not relate to the official business of my company shall be understood as neither given nor endorsed by it. *************************************************************************** List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ *************************************************************************** The contents of this communication are intended only for the addressee and may contain confidential and/or privileged material. If you are not the intended recipient, please do not read, copy, use or disclose this communication and notify the sender. Opinions, conclusions and other information in this communication that do not relate to the official business of my company shall be understood as neither given nor endorsed by it. *************************************************************************** List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/