Announcement

Collapse
No announcement yet.

Group Policy for Users not Logged into the Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy for Users not Logged into the Domain

    All,
    Here is the scenario.

    I have a W2K3 domain in native mode. I want my group policy to apply users that DO NOT log into the domain. These are WINDOWS XP Professional computers that are setup to auto-login LOCALLY to the COMPUTER (NOT THE DOMAIN). The computers themselves are members of the domain. I have a computer startup script group policy that works fine with these computers. This script installs printers based on the computers location. So I know that the machines are accepting policy.

    We have setup an OU created and linked a policy with all of the appropriate settings that we want, however these settings only get applied when a DOMAIN USER ACCOUNT is used to login to these computers in that OU where the policy is applied. This is ideal for most of our environment but these computers are like kiosk machines where domain authentication for users is not required. I would like to avoid creating a local policy for these machines. We tried a loopback policy but still get the same results. Is there any way to accomplish this?

  • #2
    Re: Group Policy for Users not Logged into the Domain

    I don't think its possible for a AD User Group policy to apply to Local User Group policy. The local account is not part of AD so there is no link there.

    You could create REG files which contain the local user policy changes you want and then use a AD Computer Policy script to run the REG entrys? I don't know if this would work...
    Last edited by Rednet; 11th February 2009, 06:38.

    Comment


    • #3
      Re: Group Policy for Users not Logged into the Domain

      Originally posted by jseay1 View Post
      All,
      Here is the scenario.

      I have a W2K3 domain in native mode. I want my group policy to apply users that DO NOT log into the domain. These are WINDOWS XP Professional computers that are setup to auto-login LOCALLY to the COMPUTER (NOT THE DOMAIN). The computers themselves are members of the domain. I have a computer startup script group policy that works fine with these computers. This script installs printers based on the computers location. So I know that the machines are accepting policy.

      We have setup an OU created and linked a policy with all of the appropriate settings that we want, however these settings only get applied when a DOMAIN USER ACCOUNT is used to login to these computers in that OU where the policy is applied. This is ideal for most of our environment but these computers are like kiosk machines where domain authentication for users is not required. I would like to avoid creating a local policy for these machines. We tried a loopback policy but still get the same results. Is there any way to accomplish this?

      Google "Loopback Processing".


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment

      Working...
      X