Announcement

Collapse
No announcement yet.

How to disable the proxy setting just for one server only using Local GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to disable the proxy setting just for one server only using Local GPO

    Hi All,

    I’m having problem regarding conflicting GPO in my Terminal Server (just one server only that needs to be secured / lock down), here’s the GPO that I’ve set:

    For the domain wide internet proxy deployment:

    Custom GPO1 – under User Configuration I setup the proxy for IE as well as WSUS
    Default Domain Controller Policy – left untouched (no proxy settings enabled here)

    Both of them assigned to the domain.com root for companywide deployment.

    However when I configure the Local GPO for the terminal service to disable the Proxy and hide the IE “Connection” tab the proxy information is filled down again / enabled ? (I think the local GPO is got override by the domain GPO ?)

    Is there any way to make sure that the local GPO working to disable the Proxy connection while the Custom GPO1 from the domain GPO also working for WSUS ?

    Thanks,

    AWT

  • #2
    Re: How to disable the proxy setting just for one server only using Local GPO

    For GPOs, remember LSDOU
    Local policies applied first, so over-written most often
    Site Policies applied next
    Domain Policies
    OU (and then sub OU policies) applied last, so most likely to win

    You could put the server into an OU of its own and create a policy for that OU only
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: How to disable the proxy setting just for one server only using Local GPO

      Originally posted by Ossian View Post
      For GPOs, remember LSDOU
      Local policies applied first, so over-written most often
      Site Policies applied next
      Domain Policies
      OU (and then sub OU policies) applied last, so most likely to win

      You could put the server into an OU of its own and create a policy for that OU only
      Thanks for your reply mate,

      at the moment I'm creating:

      1. custom OU called "Terminal Servers"
      2. put a GPO called "TS Loopback Policy" link to that custom OU with just one server (TerminalServer01)
      enable loopback under Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy Loopback Processing Mode - REPLACE mode.

      3. inside the TerminalServer01 (2008 R2) make the necessary Local GPO policy

      cmiiw ?

      Comment


      • #4
        Re: How to disable the proxy setting just for one server only using Local GPO

        You dont need a local policy -- make the settings in the TS Loopback Policy GPO
        The rest looks OK
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: How to disable the proxy setting just for one server only using Local GPO

          Originally posted by Ossian View Post
          You dont need a local policy -- make the settings in the TS Loopback Policy GPO
          The rest looks OK
          ah...
          so i can put it altogether with the "TS Loopback Policy" GPO object ?

          that's quite simple

          Thanks for your reply.

          Comment


          • #6
            Re: How to disable the proxy setting just for one server only using Local GPO

            Let us know how you get on, please
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: How to disable the proxy setting just for one server only using Local GPO

              Originally posted by Ossian View Post
              Let us know how you get on, please
              Ossian,

              one more thing, I found out that there's another group called:

              Terminal Service server group
              Scope: Global
              Type: Security
              Members: Termserv01and another terminal server VM

              should I drag n drop / move this group into the custom OU which linked with the "TS Loopback Policy" ?
              Last edited by Albertwt; 25th May 2010, 07:58.

              Comment


              • #8
                Re: How to disable the proxy setting just for one server only using Local GPO

                Groups have nothing to do with OUs and Group Policies (despite the name )
                You can leave it where it is without problems
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: How to disable the proxy setting just for one server only using Local GPO

                  Originally posted by Ossian View Post
                  Groups have nothing to do with OUs and Group Policies (despite the name )
                  You can leave it where it is without problems
                  yes it works Ossian !

                  you're the man

                  Comment

                  Working...
                  X