Discussion:
GPO not applying to users without local admin rights
(too old to reply)
a***@gmail.com
2006-09-13 14:40:05 UTC
Permalink
Hello,

I have created a Domain GPO to control Windows Firewall settings. I
have been slowly rolling out this policy, and now that I am starting to
apply it to our domain users I am finding out that it will not apply to
their computers.

I noticed if I gave them local admin rights it would apply the policy,
but I don't want to have to give them admin rights for it to apply.
Have I missed a setting somewhere?
awong6687
2006-09-13 18:54:01 UTC
Permalink
Update, I noticed if I place the computer directly into the security
filter section it applied the policy, but however when I place a group
of computer into the policy it does not work.

what am I doing wrong?

Andrew
Post by a***@gmail.com
Hello,
I have created a Domain GPO to control Windows Firewall settings. I
have been slowly rolling out this policy, and now that I am starting to
apply it to our domain users I am finding out that it will not apply to
their computers.
I noticed if I gave them local admin rights it would apply the policy,
but I don't want to have to give them admin rights for it to apply.
Have I missed a setting somewhere?
Vikram Thakur
2006-09-13 21:28:02 UTC
Permalink
Try this...
Create an OU yourself and drop this computer into it. Create a GPO at this
newly created OU's level and make the settings there. By default the settings
on the GPO will be applied to 'Authenticated Users' which will include the
computer within the OU.

The policy will apply to user's regardless of whether they are admins or not.
Where are you making these settings in the GPO i.e Domain or Standard?
Remember, in the absence of a Domain Controller (laptop) only the standard
settings will apply. If the computer is attached to the network and is
logging into the domain then the Domain settings will apply.

By choice I always duplicate the settings to match under both 'Standard' as
well as 'Domain'.

- Vikram
Post by awong6687
Update, I noticed if I place the computer directly into the security
filter section it applied the policy, but however when I place a group
of computer into the policy it does not work.
what am I doing wrong?
Andrew
Post by a***@gmail.com
Hello,
I have created a Domain GPO to control Windows Firewall settings. I
have been slowly rolling out this policy, and now that I am starting to
apply it to our domain users I am finding out that it will not apply to
their computers.
I noticed if I gave them local admin rights it would apply the policy,
but I don't want to have to give them admin rights for it to apply.
Have I missed a setting somewhere?
awong6687
2006-09-14 15:32:54 UTC
Permalink
Hello,

Thank you all for your responses, I was think that I might have to link
it to an OU but was not sure. I did what you guys said and it is
working like a charm.

Yes I did configure it to use both domain and Standard, so that are
laptops are protect when leaving our domain.

Thank you all again

Andrew
Post by Vikram Thakur
Try this...
Create an OU yourself and drop this computer into it. Create a GPO at this
newly created OU's level and make the settings there. By default the settings
on the GPO will be applied to 'Authenticated Users' which will include the
computer within the OU.
The policy will apply to user's regardless of whether they are admins or not.
Where are you making these settings in the GPO i.e Domain or Standard?
Remember, in the absence of a Domain Controller (laptop) only the standard
settings will apply. If the computer is attached to the network and is
logging into the domain then the Domain settings will apply.
By choice I always duplicate the settings to match under both 'Standard' as
well as 'Domain'.
- Vikram
Post by awong6687
Update, I noticed if I place the computer directly into the security
filter section it applied the policy, but however when I place a group
of computer into the policy it does not work.
what am I doing wrong?
Andrew
Post by a***@gmail.com
Hello,
I have created a Domain GPO to control Windows Firewall settings. I
have been slowly rolling out this policy, and now that I am starting to
apply it to our domain users I am finding out that it will not apply to
their computers.
I noticed if I gave them local admin rights it would apply the policy,
but I don't want to have to give them admin rights for it to apply.
Have I missed a setting somewhere?
Mark Heitbrink [MVP]
2006-09-13 19:15:59 UTC
Permalink
Hi,
Post by a***@gmail.com
I have created a Domain GPO to control Windows Firewall settings. I
have been slowly rolling out this policy, and now that I am starting to
apply it to our domain users I am finding out that it will not apply to
their computers.
Which is totally alright, because it´s a computer configuration and
a user object can´t read it. It must be applied to a computer.

Place all your computers in a self-created OU, place all your users
in another selfcreated OU, link the Firewall GPO to your computer OU.

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
Continue reading on narkive:
Search results for 'GPO not applying to users without local admin rights' (Questions and Answers)
3
replies
what is DNS?what is Active Directory?what is patch file?
started 2006-10-10 03:15:22 UTC
computer networking
Loading...