
Group Policies

Status
Not open for further replies.

Monty99

IS-IT--Management
Nov 21, 2002
117
GB
I have an Active Directory with a few OU's in place. These OU's represent rooms at my office.
For one room or OU, I have placed all the computers in it. I've created a GPO to lock down the desktops, apply login scripts etc. I've also created a user group for people that work in that room and added that to the OU as well.
On the properties sheet for the group policy, I've enabled READ and APPLY GROUP POLICY. The policy does NOT work!

If I add a particular user to the permissions and give him/her READ and APPLY and add user to the OU...it seems to work. Can't get policy to work if I add a User group to the OU. Anyone got any ideas?

Thanks
 
GPOs, although applied to Sites, Domains, OUs, will not apply to groups within those environments. You need to list the members of the group in the OU.

Make sure you apply computer policies to the computers OU, and user policies, to the user OU.

Hewissa

MCSE, CCNA, CIW
 
Thanks for reply.

OK.....now I may seem a little thick here. If I have say two OU's, one for marketing and one for sales; you are saying I should put all the individual users from each department in the OU instead of adding them to a security group first and then adding that group to the OU?
 
Monty, yes, you should add the individual users to the OU. That's the whole point of the OU: to organize resources into smaller units (avoiding the word "group" here to avoid confusion).

Don't forget that Group Policies are applied in the LSDOU model, so make sure you apply the appropriate policies at the appropriate level.
Local Computer --> Site --> Domain --> Organizational Unit
 
Check this link:


As nryan1980 suggests you need to organize your OU's to achieve the goal you want. Maybe have a root OU with a general GPO applied to child OU's - have child OU's with differing gpo's.....and so on.

Use Groups for management - apply security settings to groups, or use groups within groups or even for memberships. But not as a means to apply gpo's to OU's with the intent to have the gpo applied to the group.

Hewissa

MCSE, CCNA, CIW
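
The scoping rule the replies describe, as an added example that is not part of the original thread: a simplified Python model of which GPOs reach a user, in LSDOU order. The DNs, site, GPO and group names are constructed, and the model ignores enforcement, block inheritance, WMI filters and loopback processing.

```python
# Simplified model of GPO scope for a user (added example, constructed data).
# A GPO reaches a user only if (1) it is linked to the site, domain or a container
# above the *user object*, and (2) the user or one of its groups has Read + Apply.

def container_chain(dn):
    """Containers from domain down to the object's parent; assumes no escaped commas."""
    parts = dn.split(",")[1:]                       # drop the object's own RDN
    first_dc = next(i for i, p in enumerate(parts) if p.upper().startswith("DC="))
    chain = [",".join(parts[first_dc:])]            # the domain itself
    for i in range(first_dc - 1, -1, -1):           # outermost container first
        chain.append(",".join(parts[i:]))
    return chain

def applied_gpos(user_dn, groups, site, links, apply_acl):
    """GPOs in LSDOU processing order; later entries win on conflicts."""
    user_cn = user_dn.split(",")[0].split("=", 1)[1]
    trustees = set(groups) | {user_cn, "Authenticated Users"}
    order = ["Local Group Policy"]                  # L: processed first
    for container in [site] + container_chain(user_dn):    # S, D, then OUs
        for gpo in links.get(container, []):
            if trustees & apply_acl.get(gpo, set()):        # security filtering
                order.append(gpo)
    return order

DOMAIN = "DC=example,DC=test"                       # constructed names throughout
LINKS = {
    "HQ-Site": ["Site Proxy"],
    DOMAIN: ["Domain Baseline"],
    "OU=Room1," + DOMAIN: ["Room1 Lockdown"],
}
APPLY_ACL = {                                       # trustees with Read + Apply
    "Site Proxy": {"Authenticated Users"},
    "Domain Baseline": {"Authenticated Users"},
    "Room1 Lockdown": {"Room1Staff"},
}

def demo():
    args = ("HQ-Site", LINKS, APPLY_ACL)
    # Group object sits in OU=Room1, but the user object does not: out of scope.
    outside = applied_gpos("CN=alice,CN=Users," + DOMAIN, {"Room1Staff"}, *args)
    # User object is in the OU and is a member of the filtered group: applies.
    inside = applied_gpos("CN=alice,OU=Room1," + DOMAIN, {"Room1Staff"}, *args)
    # User object is in the OU but lacks Apply Group Policy: filtered out.
    unfiltered = applied_gpos("CN=bob,OU=Room1," + DOMAIN, set(), *args)
    return outside, inside, unfiltered

if __name__ == "__main__":
    for result in demo():
        print(" -> ".join(result))
```

On a live domain, `gpresult /r` run as the affected user shows the applied and filtered-out GPOs for comparison.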
 