Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security Groups and GPO's

Status
Not open for further replies.
FumUnda

FumUnda

MIS
Dec 21, 2004
4
US
I'm stumped....

I am trying to test a GPO on computers in a security group in a test OU that are also included in their prospective but separate BU's with it's own GPO.

Problem is ... the computers will only take the test GPO if they are explicitly removed from their BU and moved to the test OU: and not in a security group.

I would like to create a security group in the test OU with it's own GPO as well as the public GPO, but I'm not sure anymore if I'm just barking up the wrong tree.

i.e.: COMPUTER1 is in the Workstations/GeneralPC OU with GPOs a,b. Computer2 is in Workstations/GeneralPC/Managers OU with GPO a,b,c. Testing a new GPO "x" in TestingPC OU with security group 'GPO_testing_PCs' with COMPUTER1 in it, but COMPUTER1 does not take GPO x unless I remove it from its OU and place it in the TestingPC OU. Shouldn't the objects in the security group also apply the GPO for the container the security group resides in as well as it's current GPO?

As it stands, using gpresult, I can see it a member of the security group in the test OU, but does not apply the GPO for it, even though the GPO is linked to the container the security group resides in........Did that make sense?!

I've been beating my head with this most of the day and everything I have read seems to point to the actions I've already performed or didn't quite explain it well, usually regarding security and/or filtering.

...help!!!!...

thanks.
 
Sort by date Sort by votes
Don't know if I understood. So you are putting a group in the the OU? You have to put the computer into the OU for the GPO to work.

Televison will make radio obsolete.
 
Upvote 0 Downvote
As Rob says - GPOs only apply to computers/users and not to groups (neither security or distribution).

For you testing you'll need to move the computer (or user depending on what settings the GPO is affecting) to your test OU. Security groups can be used for filtering the application of GPOs (e.g. stop users in a certain group applying the GPO even though they are in the OU the GPO is linked to).
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
105
DrB0b
DrB0b
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
84
geneg28
geneg28
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
91
DrB0b
DrB0b
kbryii
  • Locked
  • Question
AD and DHCP issue
Replies
1
Views
94
gbaughma
gbaughma
lecombs1950
  • Locked
  • Question
PKI and Client server application
Replies
0
Views
64
lecombs1950
lecombs1950

Part and Inventory Search

Sponsor

Back
Top