[Samba] [OT?] 'negative' GPOs for local user?!

Marco Gaiarin gaio at sv.lnf.it
Mon Mar 5 11:52:52 UTC 2018


I'm trying to define the GPOs on my new AD domain, and i'm a little
confused.
I've never worked with AD, but i've extensively used MLGPO, where i can
explicitly apply GPOs to users/groups.

Two examples, of my confusion.

1) i've setup password policies (8 chars, 5-row password history,
 ...), and this is a ''computer'' policy, that apply... to computers. ;-)
But... there's some way to have domain computer policy apply ony to...
domain users, and not local one?!

2) i've setup also user policy, eg, the profile (enabled and set a
 quota). Also this seems to apply to all users, also local ones.
For that i've found (many!) article like that:

	http://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/

and so seems to me that 'Authenticated User' apply to all users, also
local one.

It is safe to remove policy 'apply' to 'Authenticated User' and add an
ACL for, eg, 'Domain Users' group? Or i'm really missing something?!


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



More information about the samba mailing list