GPO and security group problem

vero102

Technical User
Jan 29, 2004
Hi there,

Question: How to get the right GPO assigned to users who reside in more than one security group?

dom.nl
|
|-- OU - notebooks   + sec. group nb_users (domusr1, domusr2)
|   |                + sec. group nb_workstations (pc1, pc2)
|   |
|   |   gpo_nb = security set on both nb_groups: read, apply
|
|-- OU - TS          + sec. group ts_users (domusr1, domusr3)
    |                + sec. group ts_servers (TSsrv1, TSsrv2)
    |
    |   gpo_ts = security set on both ts_groups: read, apply

gpo list =
1 default domain
2 gpo_nb
3 gpo_ts

When user domusr1 logs onto pc1 he isn't supplied with the gpo_nb settings; when he logs onto TSsrv1 he's getting the gpo_ts settings.

Please, can anyone explain to me how I can get it to work?

Tia

 
You need to set the security settings for your GPOs.

Right click the Domain in AD Users and Computers. Choose Properties.

From GPO List highlight your GPO. Click PROPERTIES.
Click Security

The last setting in the security settings is whether to APPLY or DENY application of the GPO.
 
I've done so, but the problem is that domusr1 is a member of both security groups notebook-user and Terminal server-user and therefore he's a member of both OUs and again he's submitted to both GPOs.
One GPO is supposed to go active when he's logging on to the notebook and the other one when he's logging on to a terminal server session.
I thought I managed it with the use of security groups and specifically set read and apply towards this sec. group.
But in the real world it doesn't work like that.
domusr1 doesn't get its settings when logging on to his notebook, but when he logs on to the terminal server it goes OK.

So can you give me a hint,

tia
 
Try moving your policies up to the domain level, that should resolve it for you if the security settings have been applied as you say.
 
I've done so, but the problem is that domusr1 is a member of both security groups notebook-user and Terminal server-user and therefore he's a member of both OUs and again he's submitted to both GPOs.

From this, it sounds like you have a misunderstanding of GPOs and OUs. A user or a PC is not a member of an OU just by being a member of a group that is applied over a GPO. A PC or user account has to reside in the OU for the GPO to apply (right click object, select move, then place in relevant container.)

Basically a user or PC can only be a member of one OU. The only way I can think of getting this to work the way you want is to use a different user account for each login situation (which is naff). Maybe someone else here will be able to help you out more on the layout of your OUs.

Hope this helps
Martin
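
A simplified model of the rule described in the post above, as an added example that is not part of the original thread: a GPO reaches an account only if it is linked to a container the account resides in and one of the account's groups has Read and Apply on it. The distinguished names, the OU placement of domusr1 and the ACLs are assumptions built from the names in the question; only linking and security filtering are modelled.

```python
# Simplified model of GPO scoping: link location plus security filtering only.
# The OU placement of each account and the ACLs are constructed assumptions.

LINKS_PER_OU = {            # container DN -> GPOs linked to that container
    "DC=dom,DC=nl": ["default domain"],
    "OU=notebooks,DC=dom,DC=nl": ["gpo_nb"],
    "OU=TS,DC=dom,DC=nl": ["gpo_ts"],
}
# Alternative layout: every GPO linked at the domain, as in the "gpo list".
LINKS_AT_DOMAIN = {"DC=dom,DC=nl": ["default domain", "gpo_nb", "gpo_ts"]}

FULL = {"read", "apply"}
ACL = {                     # GPO -> {group: permissions granted to that group}
    "default domain": {"Authenticated Users": FULL},
    "gpo_nb": {"nb_users": FULL, "nb_workstations": FULL},
    "gpo_ts": {"ts_users": FULL, "ts_servers": FULL},
}

def applied_gpos(dn, groups, links, acl=ACL):
    """Return the GPOs that reach the object at `dn`, domain links first."""
    groups = set(groups) | {"Authenticated Users"}
    parents = dn.split(",")[1:]                 # drop the object's own RDN
    chain = [",".join(parents[i:]) for i in range(len(parents))]
    result = []
    for container in reversed(chain):           # domain first, nearest OU last
        for gpo in links.get(container, []):    # step 1: is the GPO linked here?
            granted = set().union(*(acl[gpo].get(g, set()) for g in groups))
            if FULL <= granted:                 # step 2: Read + Apply via a group
                result.append(gpo)
    return result

if __name__ == "__main__":
    user = "CN=domusr1,OU=notebooks,DC=dom,DC=nl"   # assumed location
    member_of = ["nb_users", "ts_users"]
    # Linked per OU: ts_users membership does not bring gpo_ts into scope.
    print(applied_gpos(user, member_of, LINKS_PER_OU))
    # Linked at the domain: group membership alone decides, so both apply.
    print(applied_gpos(user, member_of, LINKS_AT_DOMAIN))
```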

 
I'd apply the policies to Groups and make the user a member of those groups. The user should at that point get both the policies to apply.
 
Hi Mark,

I wasn't aware you could apply GPOs at group level, where would this be done? It may come in handy.
 