User configs applied to users only on certain servers

Liam

Distinguished
Apr 3, 2004
55
0
18,630
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi All,
I am trying to get a login script to run against users
that only logon to certain servers. The script is to
update some registry files to remove msiinstaller
eventid's. I have tried enabling the user configuration
settings on the OU containing the servers but the users
themselves need to be in the same OU for this to work.
Since I'm not sure who is going to be logging into the
servers I don't want to add everyone to the OU or put it
high up in the AD tree. Any ideas?
Thanks,
Liam.
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

This sounds like a good candidate for loopback policy. This is where you can
hand out user policy based on the machine rather than the user. See the post
on this forum called "Filtering Group Policies" for a link to info on
loopback.


"Liam" <liam.waters@coillte.ie> wrote in message
news:427001c42b90$85ba2370$a601280a@phx.gbl...
> Hi All,
> I am trying to get a login script to run against users
> that only logon to certain servers. The script is to
> update some registry files to remove msiinstaller
> eventid's. I have tried enabling the user configuration
> settings on the OU containing the servers but the users
> themselves need to be in the same OU for this to work.
> Since I'm not sure who is going to be logging into the
> servers I don't want to add everyone to the OU or put it
> high up in the AD tree. Any ideas?
> Thanks,
> Liam.
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Assign this as a startup script at the OU contains the servers.

322241 - HOW TO: Assign Scripts in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;322241
--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"Liam" <liam.waters@coillte.ie> skrev i meddelandet
news:427001c42b90$85ba2370$a601280a@phx.gbl...
> Hi All,
> I am trying to get a login script to run against users
> that only logon to certain servers. The script is to
> update some registry files to remove msiinstaller
> eventid's. I have tried enabling the user configuration
> settings on the OU containing the servers but the users
> themselves need to be in the same OU for this to work.
> Since I'm not sure who is going to be logging into the
> servers I don't want to add everyone to the OU or put it
> high up in the AD tree. Any ideas?
> Thanks,
> Liam.
 
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Liam,

Loopback and scripts also work, but loopback may have a much broader impact
than you desire in this case. It's not clear to me why you would target
what appears to be HKLM settings for users, as the first user that runs the
policy would remove the setting for all users, however if that is truly what
you are after, try this:

You can use the Policy Maker registry extension to delete the registry keys
in question. You can use its registry browser to locate the keys and bring
them into the Group Policy editor. You can apply filters to the individual
policies, or collections of policies. There are 25 categories of filters,
including computer in OU, which can be applied during user policy
processing. User policy is allowed to target HKLM settings if that is
desired. Therefore you can do exactly what you describe - using Group
Policy (not scripts), by applying the policy to the user OU.

The best port about this is that it's entirely free. Our next release, due
out in a day or two, removes all license restrictions for the
fully-functional registry extension. Just download it and use it. Better
yet, the new version includes a multiselct registry browser which can even
pull in values from other computers and present them hierarchically.

Alternatively, you could manually set up the policy in Local GPOs and filter
in the same manner. Policy Maker is always free of change, for all
extensions, in Local GPO.

Regards,

Eric Voskuil
Policy Maker
http://www.autoprof.com/policy


"Liam" <liam.waters@coillte.ie> wrote in message
news:427001c42b90$85ba2370$a601280a@phx.gbl...
> Hi All,
> I am trying to get a login script to run against users
> that only logon to certain servers. The script is to
> update some registry files to remove msiinstaller
> eventid's. I have tried enabling the user configuration
> settings on the OU containing the servers but the users
> themselves need to be in the same OU for this to work.
> Since I'm not sure who is going to be logging into the
> servers I don't want to add everyone to the OU or put it
> high up in the AD tree. Any ideas?
> Thanks,
> Liam.