I think you should be looking at assigned software VIA group policy.
http://support.microsoft.com/kb/302430


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 4:21 PM
To: NT System Admin Issues
Subject: RE: GPO filtering

That's already enabled for the particular user group.  You are saying I have to 
apply this to PCs as well?  The problem is I want this to apply to whatever PC 
the user logs into, since many of our users move around.

>>> "Free, Bob" <r...@pge.com> 9/1/2009 4:08 PM >>>
Sounds like you are on Scope tab, look at the delegation tab, you should see 
the group you added, click the advanced button in the lower right, it will 
bring up the usual ACL editor, the group of computers you want the GPO to apply 
to must have both Read and Apply Group Policy.
It is confusing because you would think the path to edit it is in the scope 
tab, you can add/remove  security principals there but not edit them.


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 12:45 PM
To: NT System Admin Issues
Subject: RE: GPO filtering

Where is this?  I must be having a brain cramp.  The screen I am looking at has 
the applied OU (Links) at the top and Security filtering in the bottom pane.  
Or do you mean the ACL on the OU where the GPO is applied?

Same results user or computer, by the way.

>>> Brian Desmond <br...@briandesmond.com> 9/1/2009 3:24 PM >>>
There is a checkbox in the ACL to grant that group the right to Apply this 
Policy as well as Read. You want both of those.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Tuesday, September 01, 2009 2:20 PM
To: NT System Admin Issues
Subject: GPO filtering

I have a need to create a GPO that will run an install.  The install file is an 
MSI for Terminal Server application access for several applications.

The issue I am having is security filtering.  I want the GPO to apply to a 
group of users.  If I remove "authenticated users" and add the group, nothing 
happens.  Group Policy modeling lists the GPO as denied and inaccessible.  If I 
add the specific PCs, this works.

Looking at my various books there is no mention of the requirement to add 
workstations or workstation groups the GPO security to get it to work.

Suggestions?



Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528


Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.










Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.










Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to