Never tried it, but that sounds right to me. -- ME2
On Wed, Dec 17, 2008 at 9:44 AM, Miller Bonnie L. <mille...@mukilteo.wednet.edu> wrote: > Folder Redirection is a user-based policy, so wouldn't you need to activate > loopback policy processing to apply (deny) it to a computer account? > > > > -Bonnie > > > > From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] > Sent: Wednesday, December 17, 2008 3:31 AM > To: NT System Admin Issues > Subject: RE: Disabling folder redirection on one machine > > > > Something is amiss. RSOP for my user account against the laptop in question > shows that teh folder redirection policy is (should be) being applied even > though that laptop has DENY against Apply Policy in the delegation tab :S > > > > Odd. > > > > From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] > Sent: 17 December 2008 11:09 > To: NT System Admin Issues > Subject: RE: Disabling folder redirection on one machine > > > > Annoyingly, that doesn't work L > > > > I've put the computer in to a security group, put that group in the > Delegation tab with an advanced property specifying "Apply Policy DENY", but > no end of rebooting for forcing an update causes the laptop in question to > NOT apply that policy. Any user logging on happily gets all the data > synched. The event log on either box shows no errors relating to why the GPO > *IS* being applied. > > > > ARGH! > > > > Olly > > > > From: Jon Harris [mailto:jk.har...@gmail.com] > Sent: 16 December 2008 12:06 > To: NT System Admin Issues > Subject: Re: Disabling folder redirection on one machine > > > > Put the laptops in a Security group put a deny on the security group from > geting that policy but make sure it is the only thing in that policy you > want affected! > > > > Jon (finally getting rid of my cold) > > On Tue, Dec 16, 2008 at 4:23 AM, Oliver Marshall > <oliver.marsh...@g2support.com> wrote: > > Hi chaps, > > Whats the best (read proper) way to disable folder redirection for any user > on one machine? We have a 2008/vista based network and we use folder > redirection to keep the data on the servers. All good. However we have some > new laptops which will go out in the field and it's been decided that the > users will need to be able to log on to the laptops as themselves (rather > than using a dedicated local account on the laptop). However this in turn > goes against the data policy which precludes laptops from having copies of > users profiles or company data on them (everything is to be access via SSL > web app). > > Is the best way to just add the computer name to the permissions of the > folder redirection GPO and then set that permission to denied ? > > Olly 'got man cold' Marshall > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~