Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Defining OUs for GP and defining GP themselves

Status
Not open for further replies.
fs483

fs483

Technical User
Jul 7, 2002
977
CA
Hello,

I started playing around with GP and it's pretty cool what it can do. However I was wondering what/how you guys use your GP. I created multiple GPs and named them all differently according to it's function (ie : Remove Windows Update, Force Screen saver, block Internet) and then applied it to the whole OU. Is this a good way or is it better to have just one GP that includes as much restrictions as possible since some of the restrictions apply to everyone. I like having multiple ones since it's clear and easy to see what I'm blocking.

Now for OU, how do I properly separate the OUs since GP can only be applied to OU and not to individual computers/users.

Let's say I have 2 main physical environments :

Administration Office
Laboratory

Inside Laboratory, I have users that are lab technicians that work on lab computers and I have supervisors that have their own laptops (and that use lab computers). I want 2 different GP to apply to the same supervisor depending on which computer they use. How would I achieve this. Currently I have a OU called Supervisors inside Laboratory and another OU called Lab techs.

Thanks
akwong
 
Sort by date Sort by votes
There are many way's to do this and Microsoft recomendations are to make a big as posible group to apply policy's to when there are people in that group who dont need the policy you need to deny them read and apply group policy (open group policy managemet console - on 2003 cd or download it, go to the policy rightclick -> edit, on top of the new windo on the policy rightclick and do propperty's, here you can do the deny thing.

Regards Lars

By the way computerpolicy's are aplyed to computers and user policy's are apyed to users if you no what i am talking about :)



Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
When you make a ou and you have multiple gpo appyed to them they will all apply to the people uin the ou from top till bottom and the last gpo will override the first if you make conflicting policy's

So if you make 3 gpo's and the first says no desktop change the second say's they can change it and the last one says no desktop change they can chaneg it cause the last one overrider the second one, keep this in mind.

Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
sorry i mean they can not change it :)

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
This is a pretty nice walkthrough of GPO settings. It will give a good idea of what you can do and how to do it.


My advice is keep it as simple as you can, and when you do get granular with settings (such as denying Apply Group Policy to a security group) be sure to document it. Good luck!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
226
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
373
gbaughma
gbaughma
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
144
technome
technome
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
197
mangentle
mangentle
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
214
fightaccording
fightaccording

Part and Inventory Search

Sponsor

Back
Top