Machine policy and loopback . . .

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

http://support.microsoft.com/default.aspx?scid=kb;en-us;231287&Product=win2000

and it says for loopback (amongst other things): "This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a computer affected by this policy. This policy is intended for special-use computers (for example, computers in public places, laboratories, and classrooms), where you must modify the user policy based on the computer that is being used. "

I read that as loopback will force the user to use the MACHINE GPO for the machine's OU rather than his/her GPO for their user OU. Is that correct? Useful for kiosk, right?

2) If I exclude admins from Domain GPOs as well as the L.S.O GPOs, if the admin logs into a kiosk, will the kiosk machine then fully function on the network for the admin, or will it remain the kiosk because of loopback?

Thanks, this seemed appropriate to ask in this thread.

Keith

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Yes, the user will be assigned the user configuration defined settings for the GPO
for the container/OU that the computer resides in with a replace or merge mode. If
you do not want that loopback policy to apply to administrators, give the
administrators group deny apply permissions to the GPO that applies to the computer
account OU. If you run gpresult while logged onto that computer it should show that
GPO as denied or filtered. --- Steve


"keithtexas" <keithtexas@discussions.microsoft.com> wrote in message
news:C884AEA7-01DD-43F6-91C7-A0BF33F5C3DB@microsoft.com...
> http://support.microsoft.com/default.aspx?scid=kb;en-us;231287&Product=win2000
>
> and it says for loopback (amongst other things): "This policy directs the system
to apply the set of GPOs for the computer to any user who logs on to a computer
affected by this policy. This policy is intended for special-use computers (for
example, computers in public places, laboratories, and classrooms), where you must
modify the user policy based on the computer that is being used. "
>
> I read that as loopback will force the user to use the MACHINE GPO for the
machine's OU rather than his/her GPO for their user OU. Is that correct? Useful for
kiosk, right?
>
> 2) If I exclude admins from Domain GPOs as well as the L.S.O GPOs, if the admin
logs into a kiosk, will the kiosk machine then fully function on the network for the
admin, or will it remain the kiosk because of loopback?
>
> Thanks, this seemed appropriate to ask in this thread.
>
> Keith

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thank you!

"Steven L Umbach" wrote:

> Yes, the user will be assigned the user configuration defined settings for the GPO
> for the container/OU that the computer resides in with a replace or merge mode. If
> you do not want that loopback policy to apply to administrators, give the
> administrators group deny apply permissions to the GPO that applies to the computer
> account OU. If you run gpresult while logged onto that computer it should show that
> GPO as denied or filtered. --- Steve
>
>
> "keithtexas" <keithtexas@discussions.microsoft.com> wrote in message
> news:C884AEA7-01DD-43F6-91C7-A0BF33F5C3DB@microsoft.com...
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;231287&Product=win2000
> >
> > and it says for loopback (amongst other things): "This policy directs the system
> to apply the set of GPOs for the computer to any user who logs on to a computer
> affected by this policy. This policy is intended for special-use computers (for
> example, computers in public places, laboratories, and classrooms), where you must
> modify the user policy based on the computer that is being used. "
> >
> > I read that as loopback will force the user to use the MACHINE GPO for the
> machine's OU rather than his/her GPO for their user OU. Is that correct? Useful for
> kiosk, right?
> >
> > 2) If I exclude admins from Domain GPOs as well as the L.S.O GPOs, if the admin
> logs into a kiosk, will the kiosk machine then fully function on the network for the
> admin, or will it remain the kiosk because of loopback?
> >
> > Thanks, this seemed appropriate to ask in this thread.
> >
> > Keith
>
>
>