    • #1567267
      AlexTLS
      Participant
      Member Points: 285
      Rank: 2

      Hi team,

      As mentioned in the title, I want to know what account will be used when the system applies computer policies (not user policy).

      1. Let’s say I want to push a file to domain-joined computers by using GPO under Computer Configuration –> Preferences –> Windows Settings –> Files. The AD domain controller needs to authenticate to computers before it can copy a file to the computers, right? But what account will the AD DC use for authentication?

      2. Similar to item 1, I want to add bookmarks to Microsoft Edge for domain-joined computers by using GPO under Computer Configuration –> Policies –> Administrative Template –> Microsoft Edge. This needs to authenticate to computers before changes to the Edge browser can be made. What account will the AD DC use?

      BR

    • #1567312
      James Gretton
      Participant
      Member Points: 89
      Rank: 1

      You have it the wrong way around: the GPO will tell the workstation to pull the files from a location. You need to set your share to allow

      • either the computer in question,
      • domain computers group,
      • a security group with the relevant computers in it

      access to the share.

      Example:

      Files are stored on \\FS1\Share\Bookmarks

      Share Permissions = Everyone: Full Control

      NTFS Permissions = Domain Computers: Read Only

      In this way, the computer account is authenticating against the share and can access the files in question.
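
The permission layout in the reply above can be checked with a short script. This is an added example, not part of the original reply: it reads the NTFS ACL of the source folder and reports whether computer accounts can read it and whether any broad group can change the files that every client will pull. The function name `Test-GpoSourceAcl`, the list of broad groups, and the use of English group names are assumptions.

```powershell
# Added example (not from the thread): audit the NTFS ACL of a folder that
# computer-side Group Policy pulls files from.
# Assumptions: English group names; the "broad group" list below; only Allow
# entries are evaluated (Deny entries and raw generic rights are not decoded).
function Test-GpoSourceAcl {
    param([Parameter(Mandatory)][string]$Path)

    # Principals that contain computer accounts.
    $computerReaders = 'Domain Computers', 'Authenticated Users', 'Everyone'
    # Broad groups that should not be able to modify what clients pull.
    $broadGroups     = $computerReaders + @('Domain Users', 'Users')

    $read  = [int][System.Security.AccessControl.FileSystemRights]::Read
    $write = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

    $allow = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' }

    $canRead = $false
    $writers = @()
    foreach ($rule in $allow) {
        # 'CONTOSO\Domain Computers' -> 'Domain Computers'
        $name   = ($rule.IdentityReference.Value -split '\\')[-1]
        $rights = [int]$rule.FileSystemRights

        if ($name -in $computerReaders -and ($rights -band $read) -eq $read) {
            $canRead = $true
        }
        if ($name -in $broadGroups -and ($rights -band $write) -ne 0) {
            $writers += $rule.IdentityReference.Value
        }
    }

    [pscustomobject]@{
        Path             = $Path
        ComputersCanRead = $canRead
        BroadWriters     = $writers
        Ok               = $canRead -and $writers.Count -eq 0
    }
}

# Path taken from the example in the reply above.
Test-GpoSourceAcl -Path '\\FS1\Share\Bookmarks'
```

With Share Permissions set to Everyone: Full Control, the NTFS ACL is the only thing limiting who can change these files, so a non-empty `BroadWriters` is the result to act on.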

    • #1567333
      Michael Pietroforte
      Keymaster
      Member Points: 37,140
      Author of the year 2018
      Rank: 4

      James is right about the file.

      With regards to applying computer policies, if I remember it right, Windows uses the local system account to apply the policies, that is, changing the corresponding Registry settings.

    • #1567342
      James Gretton
      Participant
      Member Points: 89
      Rank: 1

      Yes, the local system account is used to apply the group policy to the system itself. Microsoft has got a mountain of info for you to devour on this topic; the other recommended reading is anything by Mark Minasi, if you really want to know how all the pieces fit together.

      https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)

© 4sysops 2006 - 2022
