Thursday, July 20, 2006

Understanding Group Policy

I had a client that wanted to add network printers and set a default printer on a set of computers regardless of who logged into the computer.
I found out that Group Policy has a Loopback mode that allows User Configuration to either be Merged or Replaced. This is done by enabling Loopback mode in the Computer Configuration and selecting Replace or Merge mode. The User Configuration settings in the same GPO are then applied based on the computer, rather than the user.
I then had some problems applying the GPO to a set of computers. If I only included the necessary computers in Security Filtering, the user was then denied access to the User Configuration settings. If I added Authenticated Users to the Security Filtering, the GPO was applied to everyone on all computers!
I then worked out that I misunderstood the membership of Authenticated Users. This contains all the computer accounts as well as all users.
I resolved the GPO problem by including the set of computers on which the script needed to run and also including the Domain Users group. The GPO was then only applied on the required set of computers.
So, Authenticated Users is really authenticated users and computers - a pity you can't easily see the membership of this group!
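
The loopback and security-filtering setup described in this post, scripted as an added example (not the author's own code). It assumes the GroupPolicy PowerShell module (installed with GPMC/RSAT) and an account allowed to edit the GPO. The GPO name and computer group name are hypothetical. `UserPolicyMode` is the registry value written by the loopback processing policy setting.

```powershell
# Added example. 'Kiosk Printers' and 'Kiosk-Computers' are hypothetical names.
Import-Module GroupPolicy

$gpoName       = 'Kiosk Printers'    # hypothetical GPO holding the printer settings
$computerGroup = 'Kiosk-Computers'   # hypothetical group containing the target computer accounts

# Enable loopback processing in Computer Configuration.
# UserPolicyMode: 1 = Merge, 2 = Replace
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# Security filtering as described in the post:
# the target computers plus Domain Users get "Apply group policy".
Set-GPPermission -Name $gpoName -TargetName $computerGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName 'Domain Users' `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Remove Authenticated Users from the filter. That group covers computer
# accounts as well as users, so leaving it in applies the GPO everywhere.
# -Replace is needed because this lowers an existing permission.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null

# Review the result: list every trustee that can still apply the GPO.
Get-GPPermission -Name $gpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } },
                  @{ n = 'Type';    e = { $_.Trustee.SidType } },
                  Permission
```

The final listing should show only the computer group and Domain Users; any other trustee with `GpoApply` widens where the policy lands.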
