I am cleaning up almost 4 years of group policy mis-management that include a pair of Citrix Servers. My question is that there are 2 OU's that have group policies. The 1 OU contains all users that connect to the Citrix Servers, the other OU contain the 2 Citrix Servers. I know the order of group policies processing, but how are the group policies processed when the there are the 2 different items (user & server) in 2 different OU's. Thanks - Paul
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
AD OU's and group policies
- Thread starter dande
- Start date
When the computer boots up it looks at it's location in AD and applies all of the "computer" portions of all policies that apply to it.
The same thing happens when a user logs in.
What this means is that "user" policies that are only on OU's containing computers don't do anything and vice-versa.
There is one caveat, though... If "loopback" processing is enabled in the "user" portion of a policy on a computer OU, then the user portion for that policy will be applied last, ensuring that if you log on to a machine in that OU the user policy is enforced. This is common in citrix environments, so that users have a different desktop experience in citrix than on their normal machines.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
The same thing happens when a user logs in.
What this means is that "user" policies that are only on OU's containing computers don't do anything and vice-versa.
There is one caveat, though... If "loopback" processing is enabled in the "user" portion of a policy on a computer OU, then the user portion for that policy will be applied last, ensuring that if you log on to a machine in that OU the user policy is enforced. This is common in citrix environments, so that users have a different desktop experience in citrix than on their normal machines.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
- Status
Similar threads
- Locked
- Question
