Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: RE: [ActiveDir] Security Filtering Computer Based Policies
Prev Next
You are not authorized to post a reply.

AuthorMessages
neilrustonUser is Offline

Posts:149

09/08/2008 3:55 PM  
As a rule of thumb, I've found that 2 reboots are required, in such a
scenario.



One reboot to refresh the token and one (additional) to force a refresh
of the applied GPOs.



I've found this to be very cumbersome and never really managed to
understand why it's required (or if my assumption / findings were
correct).





neil

________________________________

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of WATSON, BEN
Sent: 20 August 2008 16:45
To: undisclosed-recipients
Subject: [ActiveDir] Security Filtering Computer Based Policies



As part of a rollout for a specific policy we are applying to the
company, we are pushing a policy that will be effected by security
filtering at the outset. It works, and I can test it and when I check
the GPResults I definitely see that the policy was denied by security.



To perform the security filtering, I created a security group, added the
computer accounts that I do NOT want to be affected by the policy, and
then denied that security group the ability to apply the group policy.
As I stated before, it works... but slowly.



I was wondering if anyone else could explain why after making a change
to the membership of the security group, it seems to take "some time"
for the change to take effect as far as the security filtering is
concerned. I know it's not a replication issue (if that even matters)
as I push out the changes to the other DCs, yet it still takes awhile
for the change in the security group to effect the security filtering
applied against the GPO.



Any thoughts?



Thanks,

~Ben



_______________________________________

Best way to annoy your co-workers? E-mail.
<http://abcnews.go.com/print?id=5351908>




Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group.

The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk.

This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments.

Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons.

Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.

Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.

Barclays Bank PLC is authorised and regulated by the Financial Services Authority.

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > RE: [ActiveDir] Security Filtering Computer Based Policies



ActiveForums 3.7
AdventNet Banner
Friends

Friends

Namescape
Members

Members

MembershipMembership:
Latest New UserLatest:rwrabinowitz
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:4273
People OnlinePeople Online:
VisitorsVisitors:424
MembersMembers:0
TotalTotal:424
Online NowOnline Now:

Ads

Copyright 2008 ActiveDir.org
Terms Of Use