
Applying Group Policy to Groups

Status
Not open for further replies.

stompin

Technical User
Jun 28, 2004
223
GB
OK, can I set up a GP and apply the GP to an OU without any objects in the OU, and just use the GP filter function by selecting the groups of users and/or computers I want the GP to be applied to? In other words: create an OU called test, keep the OU empty of any AD objects, create a GP, and under the permissions list just apply the GP to a group called XP Machines. Will this GP then apply to the members of XP Machines?

Hope that makes sense..!

stompin
 
I don't think so. I think the GP only applies to the AD Objects under that OU. I could be wrong though.
 
No, it would not... You would have to be using loopback mode, which could only be done if the computer or user object is in the OU the policy is set on... In that case you could use loopback in merge or replace mode to get user settings onto that computer from a different OU.

Short of that, the L-S-D-OU methodology still applies... There is no search for random policies that are not linked within the upper tree limbs of the object the policy is being applied to.

-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there :)
 
Group Policy is applied only to the objects in the container that the policy is applied to (this includes sub-OUs). The only valid objects are USERS and COMPUTERS. The two parts of the policy are applied to their counterparts... user policy only applies to user objects, computer policy only applies to computer objects. Computer policy is applied when the PC starts, and user policy is applied after the user supplies his/her credentials at login. Policies are applied in the order: local, site, domain, OU, sub-OU. Any settings that are specified in a policy will overwrite settings specified in a previous policy.

If you wish to generate a policy that only applies to a particular group, you should apply that policy to the container that holds all the computers or users that will be in that group (i.e. domain level). Then, with the advanced view, you adjust the permissions on the policy... you can specify which groups to "apply policy" (it's a security permission), you can even deny "apply policy" to a particular group (i.e. admins) to prevent the policy from applying to them.

Hope this helps.

A+/MCP/MCSE/MCDBA
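
The link-then-filter approach from the answer above, as an added PowerShell example that is not part of the original thread. It assumes the GroupPolicy and ActiveDirectory RSAT modules and rights to create and link GPOs; the GPO name is a placeholder. It also lists group members that sit outside the linked container, since security filtering cannot reach them.

```powershell
# Added example, not from the thread. Assumes RSAT GroupPolicy + ActiveDirectory
# modules and sufficient rights. $GpoName is a hypothetical placeholder.
Import-Module GroupPolicy, ActiveDirectory

$GpoName   = 'XP Machines Policy'                  # placeholder GPO name
$GroupName = 'XP Machines'                         # group named in the question
$LinkDn    = (Get-ADDomain).DistinguishedName      # domain level; may be an OU DN

# 1. Create the GPO if it does not exist, then link it to a container that
#    actually holds the target objects (an empty OU would apply to nothing).
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName }

$alreadyLinked = (Get-GPInheritance -Target $LinkDn).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if (-not $alreadyLinked) {
    New-GPLink -Guid $gpo.Id -Target $LinkDn | Out-Null
}

# 2. Security filtering: downgrade Authenticated Users from "apply" to "read"
#    (read is kept so clients can still read the GPO), then grant "apply"
#    only to the target group.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Guid $gpo.Id -TargetName $GroupName `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 3. Scope check: a group member is only reachable if its own object lives
#    under the linked container. Report any member that does not.
$suffix  = ",$LinkDn"
$outside = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object {
        -not $_.distinguishedName.EndsWith(
            $suffix, [System.StringComparison]::OrdinalIgnoreCase)
    }

if ($outside) {
    Write-Warning "Members outside '$LinkDn' will NOT receive '$GpoName':"
    $outside | Select-Object name, objectClass, distinguishedName
} else {
    Write-Output "All members of '$GroupName' are within the link scope."
}

# 4. Show the resulting filter for review.
Get-GPPermission -Guid $gpo.Id -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Set-GPPermission has no deny level, so the "deny apply policy" case mentioned in the answer is still set through the advanced security view on the GPO.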
 
Thanks to all of you for the advice. I am happy using GP but my setup here at work would benefit from being able to apply GPs to groups which exist outside of containers - oh well.

stompin
 