Tuesday, December 3, 2013

Loopback Policy Processing

Your manager asks you to configure the computers in the training room so that any student who logs on to the systems gets a single, consistent user experience. The requirements are: a specific desktop wallpaper, no access to registry editing tools, and the password-protected screen saver disabled.

You can implement this as follows:
1. Create a global security group, Training Computers, and add all relevant computer objects to the group.
2. Create a group policy, Training Computer Configuration. Configure the settings in User Configuration (the filter makes it easier to find the entries you need), and configure the loopback processing mode value in Computer Configuration.
3. Remove the default Authenticated Users entry from Security Filtering on the Training Computer Configuration policy, and add Training Computers and Domain Users.
(It is an underdocumented fact that when you combine loopback processing with security group filtering, the application of user settings during policy refresh uses the credentials of the computer to determine which GPOs to apply as part of the loopback processing, but the logged-on user must also have the Apply Group Policy permission for the GPO to be successfully applied.)
4. Link the Training Computer Configuration policy to the Client OU.

What must you do to prevent the domain’s screen saver policies from applying to training room computers?
5. On the Delegation tab of the policy applied to the domain, add the Training Computers group and set Apply group policy to Deny.
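Steps 1 to 5 above can also be scripted with the ActiveDirectory and GroupPolicy PowerShell modules. The following is an added example, not part of the original post. It assumes the Client OU sits at the domain root, a hypothetical `TRAIN-*` computer naming scheme, a constructed wallpaper path, Replace as the loopback mode (the post does not say which mode to use), and the standard Administrative Templates registry values for the three user settings.

```powershell
# Added example: run from an admin workstation with RSAT installed.
Import-Module ActiveDirectory, GroupPolicy

$gpo       = 'Training Computer Configuration'
$group     = 'Training Computers'
$domainDN  = (Get-ADDomain).DistinguishedName
$clientOU  = "OU=Client,$domainDN"                       # assumption: OU at the domain root
$wallpaper = '\\fileserver.example\share\training.jpg'   # constructed placeholder path

# Step 1: global security group containing the training-room computer accounts.
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security
$computers = Get-ADComputer -Filter 'Name -like "TRAIN-*"'   # hypothetical naming scheme
Add-ADGroupMember -Identity $group -Members $computers

# Step 2: create the GPO and set the User Configuration values.
New-GPO -Name $gpo | Out-Null
$polSystem  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$polDesktop = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
Set-GPRegistryValue -Name $gpo -Key $polSystem  -ValueName 'Wallpaper' `
    -Type String -Value $wallpaper | Out-Null
Set-GPRegistryValue -Name $gpo -Key $polSystem  -ValueName 'DisableRegistryTools' `
    -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $gpo -Key $polDesktop -ValueName 'ScreenSaverIsSecure' `
    -Type String -Value '0' | Out-Null

# Step 2 (Computer Configuration): loopback mode. 1 = Merge, 2 = Replace.
Set-GPRegistryValue -Name $gpo -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null   # assumption: Replace

# Step 3: security filtering. -Replace is needed to lower an existing permission.
Set-GPPermission -Name $gpo -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace | Out-Null
foreach ($trustee in $group, 'Domain Users') {
    # Both the computer and the logged-on user need Apply Group Policy.
    Set-GPPermission -Name $gpo -TargetName $trustee -TargetType Group `
        -PermissionLevel GpoApply | Out-Null
}

# Step 4: link the GPO to the Client OU.
New-GPLink -Name $gpo -Target $clientOU | Out-Null

# Step 5 is not scripted here: Set-GPPermission only grants permission levels and
# cannot write a Deny entry, so set Deny "Apply group policy" for the group in GPMC.

# Check the resulting delegation on the training GPO.
Get-GPPermission -Name $gpo -All | Format-Table Trustee, Permission
```

After the next policy refresh, running `gpresult /r` on a training-room computer shows which GPOs were applied and which were filtered out.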

Note: If the wallpaper is correctly set by group policy but you can't actually see the wallpaper, refer to the topic posted on the Microsoft forum.

Refer to: "Loopback processing of Group Policy, explained", a very awesome explanation.
