none
GPO Apply to All of the user

    Question

  • Hi,

    I create a GPO which is link to a group with list of PC which i like to apply to but for some reason it is applying to all of the PC in the company.Can someone let me know what I have done wrong.

    I would like GPO to only apply to computers which are in this group I dont want it to aply to any other PC or to users.

    Wednesday, July 4, 2018 10:26 AM

All replies

  • You probably need to remove the 'Authenticated Users' from the Security Filtering list and just have the group that contains the computer objects.
    Wednesday, July 4, 2018 10:30 AM
  • OK, I will do this now and try but I have another question

    All of the user home drive is located in same location. \\dfs path\users\username

    I only want user who login to portable device to be able to use offline files, any user which use desktop should not be able to do this.

    Is it possible to allow some user for offline files rather then all.

    Wednesday, July 4, 2018 3:16 PM
  • > I only want user who login to portable device to be able to use offline files, any user which use desktop should not be able to do this.Is it possible to allow some user for offline files rather then all.

    If the requirement is device based, simply disable the CSC service if offline files are forbidden...

    Wednesday, July 4, 2018 3:41 PM
  • Sorry What is CSC service and How do I disable it, what problem it will cause.

    Where do I apply these setting

    Should I setup this in computer or user or in both

    Thursday, July 5, 2018 9:29 AM
  • Should I setup the File share cache as Image 1

    or Image 2

    Thursday, July 5, 2018 9:30 AM
  • Hello,

    Thanks for your reply.

    According to my knowledge, we want to apply the GPO to the group with list of PC. From your screenshots, we should remove the Authenticated Users from the Security Filtering and the policy ”Specify administratively assigned Offline Files” should be configured under the Computer Configuration. Because the GPO is applied to the PC objects.

    In addition, the difference between the Offline Settings options are below:

    [Only the files and programs that users specify will be available offline]: This option gives users control over which files are available offline. This is the default option.

    [All files and programs that users open from the share will be automatically available offline]: Allows all the files that users open from the shared folder to be automatically available offline. If you select the Optimized for performance check box, all programs are automatically cached so that they can run locally.

    [Files or programs from the share will not be available offline]: This option disables offline files.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, July 6, 2018 3:13 AM
  • OK This Is What I Have Done

    I setup a lab.

    • 1 DC/File Server
    • 2 Windows 10 PC
    • Created OU For User, PC and Groups
    • Home Drive Location Domain\global\common\user\%Username%

    Created new policy and assign to Domain with full access to Authenticated Users

    computer configuration>Policies>administrative templates>Network>Offline

    Run Gpupdate /force on PC / Waited for few hours and still my files are not offline on any of the PC. Doesn't matter how I configure the policy to be use its not created Sync Partnership but if I click on the home drive and select available offline it does create Sync Partnership, I really don't understand what I'm doing wrong here, it must be a bug.

    Without manually click on Available offline

    When I click on Available offline (You can see the Sync Partnership is created)



    • Edited by LalaJee Saturday, July 7, 2018 6:14 PM
    Saturday, July 7, 2018 6:04 PM
  • Hi Kallen,

    Which Is best option for offline files, Offline Files only be available on select PC through security group

    Should I choose this

    Only the files and programs that users specify will be available offline

    Or

    All files and programs that users open from the share will be automatically available offline

    Saturday, July 7, 2018 6:11 PM
  • Hi,

    Thanks for your reply.

    The setting by default is [Only the files and programs that users specify will be available offline].

    We could select [All files and programs that users open from the share will be automatically available offline] if we want to let the offline files be automatically cached.

    Best Regards,

    Kallen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 11, 2018 2:47 AM
  • I also try that and it doesnt work.

    I created the GPO add "Offline Computer" security group on Security Filtering

    Under Delegation I added Domian Computer and Authenticated User as read only and offline computer security group as read and apply.

    On share I Added Domian User as full access and turn on all files and programs that user open

    When I do gpupdate /force and then check the Laptop with GPRESULT /R /SCOPE "User" I can see the offline policy is being denied but when I do GPRESULT /R /SCOPE "Computer" I can see policy has been applied successfully.

    As you can see GPRESULT /R /SCOPE "User"

    NTFS Security Permission.



    • Edited by LalaJee Friday, July 13, 2018 8:38 AM
    Friday, July 13, 2018 8:34 AM