Click here to get back home

Applying Windows 2003 policies to Windows XP
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Applying Windows 2003 policies to Windows XP Gaspar 06-24-2008
Posted by Gaspar on June 24, 2008, 2:34 pm
Please log in for more thread options
 I'm using domain policies with restrictions for WinXP software like Internet
Explorer, etc.
I noticed that when an domain administrator logs in, the restrictions are
not applied. This is ok for me.
The problem is this: I want some IT people (help desk technitians) that are
NOT domain administrations but belong to a "IT Group" domain group, to
bypass policy restrictions as domain admins do.

How to do this?
Thanks!



Posted by Meinolf Weber on June 24, 2008, 5:13 pm
Please log in for more thread options
 Hello Gaspar,

Create a OU for your IT Group, move the users there and link there the policies
you really need.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I'm using domain policies with restrictions for WinXP software like
> Internet
> Explorer, etc.
> I noticed that when an domain administrator logs in, the restrictions
> are
> not applied. This is ok for me.
> The problem is this: I want some IT people (help desk technitians)
> that are
> NOT domain administrations but belong to a "IT Group" domain group, to
> bypass policy restrictions as domain admins do.
> How to do this?
> Thanks!



Posted by mackdaddy315 on June 29, 2008, 9:26 am
Please log in for more thread options
> I'm using domain policies with restrictions for WinXP software like Inter=
net
> Explorer, etc.
> I noticed that when an domain administrator logs in, the restrictions are
> not applied. This is ok for me.
> The problem is this: I want some IT people (help desk technitians) that a=
re
> NOT domain administrations but belong to a "IT Group" domain group, to
> bypass policy restrictions as domain admins do.
>
> How to do this?
> Thanks!

This is a user policy right?
Do you have it set to deny for domain admins or enterprise admins? if
so that is the culprit.
Put the admins you want it to apply to in a group and under security
apply it to that group and any others you want and take out the deny.
as long as you are not in any of the groups where it is set to apply
you should be ok.
Also separating by OU can be useful as well.

Similar ThreadsPosted
Account Policies - Windows 2003 Server July 23, 2007, 8:43 pm
Windows Vista Group Policies in a Server 2003 SP1 Domain environment May 11, 2007, 9:21 am
Applying SAFER policies via GPO, is this the right newsgroup to post in March 27, 2006, 2:35 am
Windows 2000 Domain, Windows 2003 Enterprise CA July 15, 2005, 2:07 pm
Windows 2008 CA can't issue to Windows 2003 server June 25, 2008, 11:53 am
Windows server 2003 and Windows SBS Cost ? August 25, 2005, 11:19 pm
Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication? September 5, 2006, 9:27 am
Windows 2003 PKI August 23, 2005, 9:51 am
WMI and Windows 2003 SP1 June 28, 2006, 10:14 am
Windows 2003 August 30, 2007, 6:41 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap