Saturday, 29 December 2012 16:56
Excuse what could be a bit elementary, I'm no Microsoft guru.
We have a terminal server (win2k8 r2) on the domain that a bunch of users log in to.
We ideally want these users to only be able to access certain resources (controlled by IP/port) based on their user group. So the idea is to create GPOs with Windows Firewall outbound rules to permit the allowed access per user group.
However I've been trying this for a couple of hours and I just cannot get the GPO to enforce Windows Firewall rules.
So I'm wondering if this may be because the GPO is linked to a user group, not computers, and the Firewall is a computer setting.
Would this be the case? Is it possible to create GPOs that enforce different Windows Firewall rules per user rather than per computer?
Saturday, 29 December 2012 18:09
If the GPO is scoped to Authenticated users and linked to a users container but it has Computer settings then the settings will not apply. You should link the GPO to the computers container and enable loopback processing.
More on loopback processing here:
Another way is to create a group that has all computer accounts in that OU. Then remove Authenticated users and add the new group instead. Now you can link the policy directly to the domain instead of the OU.
- Marked as answer by K_evin Zhu, Microsoft Contingent Staff, Moderator, Thursday, 3 January 2013 06:42
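The security-filtering approach from the answer above, scripted with the GroupPolicy and ActiveDirectory PowerShell modules. This is an added example, not part of the original thread; the GPO name, group name, OU and domain are placeholder assumptions.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the thread.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName   = 'TS-Firewall-Outbound'                 # hypothetical GPO holding the firewall rules
$GroupName = 'TS-Computers'                         # hypothetical group of computer accounts
$SourceOu  = 'OU=TerminalServers,DC=example,DC=com' # placeholder OU
$DomainDn  = 'DC=example,DC=com'                    # placeholder domain

# 1. Create a security group and add every computer account in the OU to it.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $SourceOu
Get-ADComputer -Filter * -SearchBase $SourceOu |
    ForEach-Object { Add-ADGroupMember -Identity $GroupName -Members $_ }

# 2. Security filtering: grant the computer group Read + Apply on the GPO.
#    Set-GPPermissions is the cmdlet name on Server 2008 R2; newer systems
#    keep it as an alias of Set-GPPermission.
Set-GPPermissions -Name $GpoName -TargetName $GroupName `
    -TargetType Group -PermissionLevel GpoApply

# 3. Remove Authenticated Users from the filter. -Replace is required here:
#    without it, an existing higher permission level is left unchanged.
Set-GPPermissions -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace

# 4. Link the GPO at the domain root instead of the OU.
New-GPLink -Name $GpoName -Target $DomainDn -LinkEnabled Yes

# 5. Review the resulting ACL: only the computer group should hold GpoApply.
Get-GPPermissions -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

A computer account picks up new group membership only after a restart; afterwards `gpresult /r /scope computer` on the terminal server shows whether the GPO was applied or filtered out.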
Thursday, 3 January 2013 06:42 Moderator
Hi,
As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.