How to apply Software Restriction policy for specific user in local group policy object ?

Similar Messages

• Need help in setting up Group Policy for same user in local system and Terminal server

  Hi All,
  Currently our remote users are using our network using VPN client over internet.
  They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
  We actually have a OU created for these RDP users and assign then some strict policy like they can not use any other .exe,they can not user any explorer ,they can not even use windows explorer when they are on RDP they just use one exe of their application.
  Now what my management want is they want their home computers in Domain and want them to login via their same credentials they are using for RDP but they don't want them to restrict in their home computers with any strict policy.
  Now my confusion is how can I configure different policies for same users or same OU.
  Can any one guide me please...

  you can achieve this fairly easily with group policy.
  create an OU and put your remote desktop servers in that OU.
  configure both user and computer policies in a group policy and link it to that ou.
  you need to enable loopback mode - you may want it in merge or replace depending on your other policies you have. Probably replace though I would guess. this is set in the computer configuration > admin templates > system / group policy section.
  now remove the policy you have currently setup for your users on the users OU containing the rdp users. If you want you can move these users back to your main users OU.
  when your users login to the RDP server the settings in the user section of the GPO linked to the RDP Servers OU will apply.
  when the user logs in to their own computer the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
  hope that makes sense.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  My Blog
  LinkedIn:

• How to install the adobe creative cloud packager and how to apply the adobe ID for Admin user

  Hi team,
  Anyone has done install silently the captivate 8 using AAME? i try using this tool to create the msi but its not work.
  i saw the previous disussion on captivate 7 and they said cannot use AAME and need to use CCP.
  isit also applicable to Adobe Captivate 8? if yes cana anyone tell  me how to download the CCP?
  I already create my Adobe ID but when i try to login, its stated "Adobe does not recognize you as an authorized user of this web site."
  How can i access this site? appreciate your help

  The help I have been using (unsuccessfully) is here:
  >These links provide additional guidance for deployment support
  >Creative Cloud Packager Help: http://helpx.adobe.com/creative-cloud/packager.html
  Dave

• Log transactions for specific users

  Hi, How can I get the log for specific users, such as SAP_ALL : I want to know which transactions they have accessed in the last month for example or if they have accessed to a specific transaction.
  Thks !

  Hi,
  try tranction ST03N (Workload Monitor)and select "User Profile" in the Analysis View. There, you can see a list of Users. Double click on any of them to see the accessed transactions.
  Kind regards
  Dirk

• Bypassing Software Restrictions GPO for disconnected machine

  Hi all,
  We use a Software Restrictions GPO to block users running an application on our network. We do have some users though who are allowed to run this application so we add them to an AD group which has deny permissions on the Software Restrictions GPO, hence
  the GPO does not apply, hence they can run the application.
  All is good apart from when someone disconnected to the network (i.e. working from home) decides they need to run the application. Although their account is added to the AD group, because they are disconnected nothing updates on their machine and they still
  cannot run the application.
  We advise that they need to visit the office, connect to the network so that AD Group Membership and Policy can update but some users object especially when they might not be planning to visit the office for some time.
  Is there anyway we can work around this without too much of a compromise?

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• How can i open period for specific user in OB52.

  Hi Expert,
  How can i open period for specific user in OB52.  As 'Authorisation Group' field is there in OB52, how can i use this field to restrict the specific user to post for particular period.  How can i creat authorisation group and where can i assign it to the particular user...
  Please let me know?
  Thanks and regards,
  Sam.

  Hi,
  Here is the detailed process as outlined in SAP help.
  Procedure
  If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
  Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
  Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
  Examples
  A posting period can be successively restricted. If, e.g. 10 users have the posting period authorization with authorization group '0001', and 3 of these 10 users also with authorization group '0002'.
  If the period is only to be accessible to the 10 selected users the authorization group '0001' is entered in the posting period variant. Access can later be restricted to the remaining 3 users by entering '0002'.
  Thanks
  Venkata Ganesh Perumalla

• I can't find how to apply sound enhancements (EQ) for the podcasts now with iOS 6.0 update

  Dears at Apple:
  I can't find how to apply sound enhancements (EQ) for the podcasts now with iOS 6.0 update on any of my devices(iPhone 4s, iPhone Touch (4th Gen), iPad (3rd Gen). Most of the "Podcasts" I listen to are music content based and wanted to apply sound enhancements(EQ) like before when integrated with ipod function. Can you consider to "fix" this issue?
  Many Thanks!

  OK Emanuel I found a solution! I dowloaded and installed "Denon Audio" app from the iTunes store & it works great! It has an EQ you can set curves on manually or use the (few) built in pre-sets. It is a player like the Music app that comes with the iPhone, etc. but restores the EQ functionality so we can adjust the audio of PODCASTS:-) Until Apple fixes this what I consider a bug I will be using the Denon app as my default music player!

• How to check the tran code for specific activity.

  Hello friends ,
  could you please let me know how to check the tran code for specific activity . AS in table , i can check , what transaction does what ? But now i need to check the transaction for specific activity .
  E.g , For Administrator workbench , there is transcation like RSA1 .
  thanks in advance
  Regards

  Hi,
  try the TSTC table with SE16.
  Hope it helps,
  MG

• How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR

  Hi,
  How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR
  Regards
  Anil Kumar

  Hello there Anil,
  A simple way to quickly get a overview is to look at the request history within the portal environment (note that this will expire in a few day based on your environment, after that you would need to FIM Reporting Module - but you could increase this to
  maybe 60 days to so, watch the DB size).
  To do this you could create some custom search scopes of do some custom queries. The creator of the SSPR activities always has the same GUID so you can use that so search.
  In your search scope you can use the following XPath to play with.
  - All Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and Operation='Put']
  - All Completed Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and RequestStatus=‘Completed']
  You can play with the "RequestStatus".
  Hope this helps.
  Almero Steyn (http://www.puttyq.com) [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or "Helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer
  faster.]

• The user '*' preference item in the 'User - 6th Form Students Policy {E03166E7-A848-48B5-AA93-97B848AA9C13}' Group Policy object did not apply because it failed with error code '0x80070003 The system cannot find the path specified.' This error was suppres

  I am looking at an issue with users not getting specific group policies. 
  After searching a number of client computers I found that the following error
  The user '*' preference item in the 'User - 6th Form Students Policy {E03166E7-A848-48B5-AA93-97B848AA9C13}' Group Policy object did not apply because it failed with error code '0x80070003 The system cannot find the path specified.' This error was suppressed.
  I can find the folder in the Sysvol folder on all of the domain controllers. 
  The issue with end users seems to be that the proxy settings for internet explorer is not being applied. 
  Potential problems?
  one folder in sysvol entry is empty 
  \\<server>\SYSVOL\<domain.name>\Policies\{E03166E7-A848-48B5-AA93-97B848AA9C13}\User\microsoft\IEAK\LOCK
  or is this our issue
  The old method of configuring proxy settings  to Internet Explorer 9 has changed?
  https://support2.microsoft.com/kb/2530309?wa=wsignin1.0 
  http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

  Hi all 
  In administering this policy I am a little confused. 
  We have a policy that distributes proxy settings in the internet explorer maintenance settings section - however when opening this policy up in GPO editor the internet explorer maintenance section is not present.
  I plan to apply the settings via User/preferences/control panel settings/ internet settings (or registry settings from article) however I am unable to edit the settings for internet explorer maintenance and these will persist. Ideas????

• Restricting  Access for SQ01 User Group

  Hi ,
  Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
  Thank you
  Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

  Hi,
  Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
  If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

• MIGO - Challan NO :  Feild mandatory for specific user

  Hi Experts,
  I want to make the Callan No in the MIGO  as mandatory for specific users.Can any body tell me how to do this ?
  Regards,
  Lakshmi.

  Dear
  There is two possibility.
  1 - SPRO->Material Management->IM and PI-> Settings for enjoy transactions ->settings for goods Movements (MIGO)->Field selection for MIGO.Then against Field name choose the radio button Req.
  This will impact for all the user.
  2 - If you would like to restrict for particuar user than use of SHD0.
  Create screen/transaction variant of MIGO through SHd0. In this put your req. field compulsory.Revoke the authorization of MIGO from particular user and assing the new transaction code done through SDH0 to this user.
  Due to this you can control req. entry in MIGO for particular user.
  Regards
  Rajan

• Data Level security for specific Users

  Hi,
  Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
  Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
  But, key thing here is that, the user belongs to both the groups.
  Any ideas helps.
  Thanks,
  Chandu.

  So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
  Why are they in the group then?
  Are the data filter defined with variables or are the hard-coded?
  If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
  I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

• Removal of workitems from Inbox for specific user

  Hi,
  Can anyone tell how to delete mass workitems from a specific user's inbox.
  For example if there are some 4000 workitems in a user's inbox, how can we delete all the workitems by not seleting one by one and deleting.
  Thanks&Regards,
  Pavan

  Hi,
  you can use tcode : SWWL to do that...
  This is not the right fourm for asking this ???? it should be under BPM.
  Atul

• Hiding P0002-PERID for specific users

  Does anyone know how to hide the social security number field field for specific users?  We are trying to hide it both at the header level and detail level of IT 0002.
  Thanks

  Jeff,
  Follow this link http://www.*********************/hr_security/hr_security.htm, otherwise request your SAP Security person/team.
  Thanks,
  Kiran.