You may want to change the policy processing preferences so that you need the "User Group Policy loopback processing mode" policy configured.
You can find this policy under Computer Configuration\Administrative Templates\System\Group Policy folder. There will be two options: Replace and Merge. Replace - The user settings in the computer's GPOs replace the user settings applied to the user. Merge - combine the user settings in computer's GPOs and User's GPOs. If conflict, user settings in computer's GPOs take preference. Hope this helps. You should also consider changing the design of your Group Policy infrastructure. You may want to take advantage of the flexibility of User Configurations and Computer Configurations. You may design your GPOs to fit your requirements. Nuo Yan - MS MVP University of Washington http://msmvps.com/nuoyan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Umer Y. Sent: Friday, February 10, 2006 4:25 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Computer Policies based on User Logon? Hello All, I was wondering if there is a way to have a user logon to the machine and not have the computer policies applied to the machine if the user is part of a certain group? Say for example, I have defined a policy in computer configuration, disable adding tasks to task scheduler, on an OU. All machines are located in the OU. Domain admins do not have "read or apply group policy" rights to that particular group policy. Authenticated users have "read or apply group policy" rights. Now, if a domain user logs on to the machiine, the computer policy is applied to them, which is alright. But if a domain admin logs on, the computer policy still applies. I do understand that computer policy applies on the machine before msgina is presented, but is there any way to condition it to revert the change when a domain admin logs on? Thanks in advance. ... you don't know what you've got 'till it's gone.. - Joni Mitchell List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
