You have denied the loopback processing policy that way, as well as the folder redirection. By denying the loopback, it can't process it as user policy, right? I would think maybe you'll need a separate policy to apply the loopback processing before denying the second (existing) policy?
-Bonnie From: Oliver Marshall [mailto:oliver.marsh...@g2support.com] Sent: Thursday, December 18, 2008 8:49 AM To: NT System Admin Issues Subject: RE: Disabling folder redirection on one machine Right, even with user loopback processing set to Replace it still doesn't work. I've got the folder redirection policy which works in itself, in that we are using folder redirection happily on all the machines. In its delegation tab is a group called "External laptops" which contains the laptop in question. That group has DENY against the apply policy permission. In that GPO we have turned on User loopback processing and set it to REPLACE. As far as I can tell from the notes on the google-web that should work...shouldnt it ? Olly From: Jon Harris [mailto:jk.har...@gmail.com] Sent: 17 December 2008 17:35 To: NT System Admin Issues Subject: Re: Disabling folder redirection on one machine Yeah I missed that Users get that policy not Computers. Putting the user into a security group and putting deny on them would work but then the policy would do be the same on ALL computers they used not just the laptops. Jon On Wed, Dec 17, 2008 at 10:46 AM, Micheal Espinola Jr <michealespin...@gmail.com<mailto:michealespin...@gmail.com>> wrote: Never tried it, but that sounds right to me. -- ME2 On Wed, Dec 17, 2008 at 9:44 AM, Miller Bonnie L. <mille...@mukilteo.wednet.edu<mailto:mille...@mukilteo.wednet.edu>> wrote: > Folder Redirection is a user-based policy, so wouldn't you need to activate > loopback policy processing to apply (deny) it to a computer account? > > > > -Bonnie > > > > From: Oliver Marshall > [mailto:oliver.marsh...@g2support.com<mailto:oliver.marsh...@g2support.com>] > Sent: Wednesday, December 17, 2008 3:31 AM > To: NT System Admin Issues > Subject: RE: Disabling folder redirection on one machine > > > > Something is amiss. RSOP for my user account against the laptop in question > shows that teh folder redirection policy is (should be) being applied even > though that laptop has DENY against Apply Policy in the delegation tab :S > > > > Odd. > > > > From: Oliver Marshall > [mailto:oliver.marsh...@g2support.com<mailto:oliver.marsh...@g2support.com>] > Sent: 17 December 2008 11:09 > To: NT System Admin Issues > Subject: RE: Disabling folder redirection on one machine > > > > Annoyingly, that doesn't work L > > > > I've put the computer in to a security group, put that group in the > Delegation tab with an advanced property specifying "Apply Policy DENY", but > no end of rebooting for forcing an update causes the laptop in question to > NOT apply that policy. Any user logging on happily gets all the data > synched. The event log on either box shows no errors relating to why the GPO > *IS* being applied. > > > > ARGH! > > > > Olly > > > > From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>] > Sent: 16 December 2008 12:06 > To: NT System Admin Issues > Subject: Re: Disabling folder redirection on one machine > > > > Put the laptops in a Security group put a deny on the security group from > geting that policy but make sure it is the only thing in that policy you > want affected! > > > > Jon (finally getting rid of my cold) > > On Tue, Dec 16, 2008 at 4:23 AM, Oliver Marshall > <oliver.marsh...@g2support.com<mailto:oliver.marsh...@g2support.com>> wrote: > > Hi chaps, > > Whats the best (read proper) way to disable folder redirection for any user > on one machine? We have a 2008/vista based network and we use folder > redirection to keep the data on the servers. All good. However we have some > new laptops which will go out in the field and it's been decided that the > users will need to be able to log on to the laptops as themselves (rather > than using a dedicated local account on the laptop). However this in turn > goes against the data policy which precludes laptops from having copies of > users profiles or company data on them (everything is to be access via SSL > web app). > > Is the best way to just add the computer name to the permissions of the > folder redirection GPO and then set that permission to denied ? > > Olly 'got man cold' Marshall > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
