da sponge
May 24, 2004

..and you've eaten your pen. simply stunning.

Fourteen posted:

GP is some incredibly powerful stuff when you really get into it. People can rip on MS for a lot (and deservedly so), but GP deserves their utmost praise. You guys should check out the Jeremy Moskowitz books if you want to read more (Amazon search - the 2 new 2008 books are 1 and 2 on this page). Moskowitz really knows his stuff. If I could get my company to pay for it, I'd attend one of his workshops.

He's a friend of my boss. I've had lunch with him a couple of times, he's a good guy.

You've put together a nice thread, Bangers, and certainly have more wherewithal than I would to keep it going.

da sponge fucked around with this message at Oct 29, 2008 around 17:21


da sponge
May 24, 2004


haljordan posted:

I am trying to figure out a way to apply a group policy to a certain OU so that the policies only affect the users when they log onto a certain terminal server. If I apply the group policy in the normal manner, it prevents them from shutting down their local workstations, when all I need is to prevent them from shutting down this one particular TS. Any thoughts on how I can accomplish this?

Loopback mode processing.

http://support.microsoft.com/kb/231287

Specifically on terminal servers
http://support.microsoft.com/kb/260370

da sponge
May 24, 2004


Does AD in 2008 apply security filtering to GPOs differently than in 2003?

Example - create a new GPO in a computer OU. Under security filtering, remove authenticated users, replace with a security group of computers (including multiple computers in that OU).

In 2003, the members of the security group had that policy applied (I'm pretty sure). Policy modeling says the policy should be applied, but gpresult shows that the policy is denied on security filtering. Only after I manually delegate read permission to authenticated users does the policy apply. This doesn't make sense to me - the group the policy applies to is automatically delegated read permission when I add them to security filtering/apply the policy to it. Why does it need authenticated users delegated read permission for the group member when that member already has read & apply perms?

da sponge
May 24, 2004


Dan Landry posted:

Could it be a token issue? Maybe the machines need a reboot to pick up their new group memberships.

Nope, multiple reboots & gpupdate /force.

da sponge
May 24, 2004


Mierdaan posted:

It's not anything you should lose too much sleep over, no. However, if you're in a position to make that decision early-on, do you

a) make the choice with potential problems later on
b) make the choice with no potential problems later on

There's just no good reason to NOT use .local or whatever. That's really the argument.

It's annoying with DirectAccess and the NRPT (name resolution policy table). You need entries for each entity with your FQDN that has to be accessible to DA clients on public IPs.
