Essentially, a GPO
for all Container security principle, all at the bottom of the parent container.
However, You may want to change this behavior, Some GPO applies only to a
specific Safety principles. For example, you can Exemptions from some users on
an OU Desktop strict rule. You can do Filtering it through security. Each GPO
has access control list (ACL) permissions to the definition of the GPO. The
default permissions are validated the user has Read and Apply Group Policy
permissions. By adjusting permissions ACL, which can control the approved
safety principles applied GPO settings. Also, you may need to do two practices:
Deny Access Group Policy, or restrict permissions Group Policy.
Note:
Authenticated Users group that includes all users and computer accounts Verify
AD DS.
Deny Access to Group Policy
Deny Access to Group Policy
If the principles of
policy in the safest container should be set, but some are not, then you cannot
let them enter the Group Policy exemptions specific security guidelines. For
example, you can have a user should receive all sales except sales OU Group
Policy Managers group. You can go to the GPO exemptions ACL group (or user) by
adding the group, and then set the permissions to deny.
Limit Permissions to Group Policy
Also, if you have created it should apply only to certain safety principles
GPO With a container, you can remove Authenticated Users group from the ACL,
add safety principles You must accept the settings of the GPO, and then give
them Read and Apply Group Policy permissions. For example, you may have GPO
settings computer configuration should apply only to laptops Computer. You can
remove the Authenticated Users group from the ACL add a computer account Laptop,
and then give them Read and Apply Group Policy permissions.
Note: As a best practice, you should not deny
access Authenticated Users group. If you To do this, you will not receive
security policy settings GPO.
ACL GPMC GPO GPO Access is to be selected by Group Policy Objects Folder,
and then click the Delegation> Advanced tab.
No comments:
Post a Comment