Announcement

Collapse
No announcement yet.

difference between computer conig. & user config.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • difference between computer conig. & user config.

    Hi Guys

    i want to know clearly the difference between computer configuration and user configuration which is present in the group policy

    Then i have two machines windows 2k3 dc, & win xp , xp machine has connected with the domain, with one user,even the server has goes off,i can log on to the xp machhine using the domain user, i know this is due to users using the local profiles resides on the xp machine,how to prevent this using group policy

    What is the purpose of resultant set of policy

    thanks in advance

  • #2
    Re: difference between computer conig. & user config.

    i want to know clearly the difference between computer configuration and user configuration which is present in the group policy
    Computer configurations apply to computer and user configurations apply to users. If you have users and Computers in the same OU then you can configure the settings accrordingly. If you only have either users or computers in an OU then you only need to configure the relevant section and you can disable the other (Speeds up GPO appliance). There is also something called loopback processing - http://support.microsoft.com/kb/231287 which is used to overwrite the users configuration with the computer's configuration.

    Then i have two machines windows 2k3 dc, & win xp , xp machine has connected with the domain, with one user,even the server has goes off,i can log on to the xp machhine using the domain user, i know this is due to users using the local profiles resides on the xp machine,how to prevent this using group policy
    Sorry, I'm struggling to understand what you mean on this one

    What is the purpose of resultant set of policy
    Resultant set of policy (RSOP) is used to evaluate what GPO's are being applied to a particular object (user or computer) is pretty amazing you know - http://support.microsoft.com/kb/323276

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: difference between computer conig. & user config.

      Hi m80arm

      very thanks for your reply, which was very detailed & clearly understood to me,
      actually my question was even the server was on power off some of the domain users authenticates the server using local profiles, how to disable(it means the domain user should not authenticate the server when it is on powered off) it using group policy

      thanks

      Comment


      • #4
        Re: difference between computer conig. & user config.

        There is a group policy setting to "prevent logon with cached credentials" that should (not tested) stop someone logging on when no DC is available:
        Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
        http://www.windowsdevcenter.com/pub/...g_caching.html

        Tom
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: difference between computer conig. & user config.

          Originally posted by kishorilal2k1 View Post
          Hi m80arm

          very thanks for your reply, which was very detailed & clearly understood to me,
          actually my question was even the server was on power off some of the domain users authenticates the server using local profiles, how to disable(it means the domain user should not authenticate the server when it is on powered off) it using group policy

          thanks
          Ahhh - You'll want to look into disable / restricting cached logons via Group Policy. The following should get you started:

          http://searchwinit.techtarget.com/ti...l?topic=299542

          Michael
          Michael Armstrong
          www.m80arm.co.uk
          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: difference between computer conig. & user config.

            Do remember that this policy will prevent laptop users from logging in at all unless they are on YOUR network... so the whole idea of laptops would be out of the window unless they are in a separate OU which does not get this policy.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: difference between computer conig. & user config.

              Originally posted by Stonelaughter View Post
              Do remember that this policy will prevent laptop users from logging in at all unless they are on YOUR network... so the whole idea of laptops would be out of the window unless they are in a separate OU which does not get this policy.
              Excellant point - forgot about that

              Michael
              Michael Armstrong
              www.m80arm.co.uk
              MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment


              • #8
                Re: difference between computer conig. & user config.

                Originally posted by Stonelaughter View Post
                Do remember that this policy will prevent laptop users from logging in at all unless they are on YOUR network... so the whole idea of laptops would be out of the window unless they are in a separate OU which does not get this policy.
                You could use the Log on using dial-up connection if cached credentials was disabled... but yes, generally not a good idea for mobile computers.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment

                Working...
                X