Topic: «[Q] How to?»
i´ve following task to perform:
secure access to devices by usergroups and deny device-access to specific computers..
1. distribute the DL software by GPO
2. configure device-permissions via smartline DL
3. grant user permission via groups
4. deny access to devices on specific computers by adding those computers to a "denygroup"
#1 and #2 worked fine..
but for some reason, adding a user to a (new created) group doesn´t give him permission to access devices...
on the other hand, if i add him manually via DL-console, it works fine..
i´ve waited many houres to make sure the DC replicates and performed a lot off reboots on the specific computer.. but without success
what i´m wondering about is, that there are no default security groups in AD and the marker to left of "Group Policy is enabled for this machine" is coloured red..?
within the smartline service options i can´t find the option to activate this..
do i need to install DL on a DC to have those groups and than i can reply permissions by groups?
or what could be wrong with the implemened way of DL??
Windows 2000 domain with 2 DC´s
450 Clients running mainly Windows 2000 SP 4 and some XP SP 3
Devicelock Version 6.0 (build 592)
thanks in advance for your support!
|Posted: 02/24/2009 14:59:35|
OK. First. You may want to update DL to something more recent [assuming you have support for it].
DL doesn't have to be on a DC.
Check the settings on "sample" PCs to verify they are going through in the GP.
Don't use the deny setting. If you list [for example] a Windows security group in the CD-ROM permissions, by default anyone not in that group is denied.
[BTW, in general it's a practise in Windows not to use the deny feature in permissions unless absolutely necessary.]
|Posted: 02/24/2009 18:35:52|