Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Nick Staff (nstaff_at_ANGELSIN.COM)
Date: Sun Jul 28 2002 - 09:16:29 CDT
By enabling the 'User Group Policy loopback processing mode' policy in the local security policy of their workstation and setting it to replace, a user can prevent domain user Group Policies from being applied to them.
- Create a Windows 2000 domain and join a Windows 2000 professional computer to the domain.
- In Active Directory Users and Computers make a new OU named Restricted and inside the Restricted OU create a user named Test.
- Link a new Group Policy to the Restricted OU and configure any of the policies under User Configuration.
- From the Windows 2000 Professional machine log on to the domain as Test and verify the user Group Policy settings are applied.
- Log off test and log back on locally using the local administrator account.
- Open the MMC and add the Group Policy snap-in, accepting the default of Local Computer as the focus.
- Go to Computer Configuration\Administrative Templates\System\Group Policy and enable User Group Policy loopback processing mode, setting it to 'Replace'.
- Under User Configuration configure policies that conflict with the ones you previously made.
- Log off and back on as Test and verify the original policies are no longer applied.
To Fix this:
Disable the User Group Policy loopback processing mode policy in a Group Policy placed at the Domain or OU level.