none
User level GPO

    Question

  • Hi All,

    We have department wise OUs present in your domain.

    Example : OU present is "AdminTeam" and all administration departments members are part of this OU. Only Users are part of this OU and not the computers used by users.

    Now is it possible to apply "Turn off AutoPlay" GPO on this OU and this will get applied to computers used by member in this OU ?

    likewise can below policies applied on user level ? 

    OS based Drive Encryption
    Enable Hidden Files
    Turn on File History
    Turn off AutoPlay
    Windows Firewall ON
    Turn OFF UAC 
    Enable DEP
    Turn off Remote Assistance

    -Atul


    TheAtulA

    Wednesday, February 01, 2017 7:08 AM

All replies

  • AutoPlay_Explain_Text:

    This policy setting allows you to turn off the Autoplay feature.  Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.  Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.  Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.  If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives.  This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.  If you disable or do not configure this policy setting, AutoPlay is enabled. 
    Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.

    If you have an understanding of the highlighted-in-bold statement, the answer is yes.
    Create a GPO and link it to the desired OU (containing user objects).
    Edit the new GPO, and Select the "Turn off Autoplay" setting within \User Configuration\, and Set this = Enabled.

    NB: not all settings have a \Machine\ and also \User\ equivalent setting - you must check the desired settings to see if both \Machine\ and \User\ are offered. For your scenario, \Machine\ settings are not useful for your goal, only the \User\ settings will suit your goal.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, February 01, 2017 8:16 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 10, 2017 6:36 AM
    Moderator