Lookback GPO's and novel Users

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have a computer GPO that performs lookback processing so that any
users that logon to the machines have their startmenu confiscated and
run commannds removed etc..

this is great when domain users logon , the loopback works great

however when users logon through a novel client they obviously dont
get the policy and they have full access..

these user have not got AD accounts so they are effectivley loging in
locally to the box which itself is a domain member.

Is there any way i can get this lookback user policy to these users so
they can't bypass my policy.

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

glenn.mantle@bt.com (Glenn M) said

> I have a computer GPO that performs lookback processing so that any
> users that logon to the machines have their startmenu confiscated and
> run commannds removed etc..
>
> this is great when domain users logon , the loopback works great
>
> however when users logon through a novel client they obviously dont
> get the policy and they have full access..
>
> these user have not got AD accounts so they are effectivley loging in
> locally to the box which itself is a domain member.
>
> Is there any way i can get this lookback user policy to these users so
> they can't bypass my policy.
>

If they are not logging into AD the only way I can think of doing it would be
through a local policy on the machines in question.

--

Andy.

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

i supose i could copy now a new registry.pol to %windir%\system32\grou
policy\user and increment the local user policy serial number.

would be a bit dirty but would do the trick.

Andrew Mitchell <amitchell@removecasey.vic.gov.au> wrote in message news:<Xns95FAF4050F8DDAA12F32EDB83F@207.46.248.16>...
> glenn.mantle@bt.com (Glenn M) said
>
> > I have a computer GPO that performs lookback processing so that any
> > users that logon to the machines have their startmenu confiscated and
> > run commannds removed etc..
> >
> > this is great when domain users logon , the loopback works great
> >
> > however when users logon through a novel client they obviously dont
> > get the policy and they have full access..
> >
> > these user have not got AD accounts so they are effectivley loging in
> > locally to the box which itself is a domain member.
> >
> > Is there any way i can get this lookback user policy to these users so
> > they can't bypass my policy.
> >
>
> If they are not logging into AD the only way I can think of doing it would be
> through a local policy on the machines in question.