Cross domain Group Policy Objects

Todd DeLand
Nov 4, 2015 · 1 min read

04 November 2015 on group policy, Azure

This week I wanted to disable Shutdown/Restart of our VMs in Azure. Come to find out, this is a user setting, not a machine setting.

Here’s how to setup a Group Policy so that it all works.

Our situation: User in domain ABC logs on to computer in domain XYZ. I wanted user specific policies to be applied only in domain XYZ. The specific policy was to disable the shutdown/restart ability. Obviously don’t want this to apply to computers in domain ABC (the users PC).

I created a new GPO in XYZ with the following settings:

  • Computer Configuration\Administrative Templates\System\Group Policy\Allow cross-forest user policy and roaming user profiles — Enabled
  • Computer Configuration\Administrative Templates\System\Group Policy\Configure user Group Policy loopback processing mode — Enabled Mode:Merge
  • User Configuration\Administrative Templates\Start Menu and Taskbar\Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands — Enabled
Image for post
Image for post

Originally published at todddeland.com on November 4, 2015.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store