I have a local admin user account with the same username across all our domain machines. I want to apply a user level security filter on any local user with this particular username. So for instance, if my local username was 'local_admin', can I use something like 'LOCALUSER/local_admin' to tell the domain level GPO that I want to filter a policy for that specific local username only? (I think the answer is no but maybe someone knows a way...?)
-
I can't get the point of view. What do you want to solve with this question? Is this business related? – djdomi Jul 26 '23 at 17:45
-
Given per-machine users machine1\local_admin, machine2\local_admin, machine3\local_admin... @b-frid seems to be asking if there's a way to set a policy at the domain level that would affect all these users named local_admin. I can see this as a business question, if local_admin left the company and there's a need to retire the ID he made for himself locally on each machine. – tsc_chazz Jul 26 '23 at 17:56
-
Specifically, I am trying to block/deny all removable media storage access for all users except a small subset of domain users and a single local account. The said local account is present (i.e. username is the same) on all machines as part of a standard build process. – b-frid Jul 26 '23 at 18:32
-
This would not work. A policy cannot be applied to a local user, because local users do not apply group policy. This design is flawed. There are many solutions for managing local storage access; using group policy is not an option for this case. – Greg Askew Jul 26 '23 at 21:31