|
Correct. In a nutshell, you remove the Everyone:Read entry from
the ACL on the GPO, and replace it with Read rights for the group(s) you're
interesting in applying it to
--------------------------------------------------------------
Roger D. Seielstad -
MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
I
know the settings are applied to users and computers.
You
can limit who it ( GPO ) is applied to within the OU through ACL's?
Chris Flesher
The University of Chicago
NSIT/DCS
1-773-834-8477
Chris,
GPOs are not
applied to Groups, they are applied to Users and Computers. So, the fact
that there are two groups that the user is a member of existing in two
different OUs is really not relevant. All that matters is, where the Users
are located and where the systems that the users are logged on to are
located.
Have you used FAZAM
or GPResult (RK) to check the RSOP info. This will tell you exactly what
GPOs are affecting a given user.
Good
Luck,
Kevin
From: Chris
Flesher [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 2:18
PM
To:
[EMAIL PROTECTED]
a user can be a
member of more then one group. if a user is a member of two groups that are
in seperate OU's, then the user can have group policy applied to two
seperate groups based on ACL's within each OU? I don't need an object
existing in two seperate OU's. I just need two seperate groups with a user
being in each group, with each group in seperate OU's.
Chris Flesher
The University of
Chicago
NSIT/DCS
1-773-834-8477
-----Original
Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Crenshaw,
Jason
Sent: Monday, July
21, 2003 12:38 PM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Group Policy
question
What is group policy or a GPO?
Group policy is a new Windows term for common
configuration settings. An administrator can create a group policy which
applies to users or computers. This group policy can set certain computer
settings such as who can login to the computer or user settings such
whether the user can run control panel applets. Group policy is similar to
what was called policy in NT4, but there is a vastly improved performance
together with a greater number of common configuration settings. A GPO, or
group policy object, is a set of settings applied to a site, domain or OU
container. The GPO then is applied to every machine or user object under
that container. One can configure a GPO with ACLs to restrict the
computers or users to which it is applied.
This also
suggests that it is technically impossible to do since a user object can
only exist in one container or OU.
Hope that this
answers your question.
Jason
-----Original
Message-----
From: Roger
Seielstad [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 11:29
AM
To:
'[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Group Policy
question
I
believe there's nothing in TechNet on it because its technically
impossible to do. You can't have an object in more than one
OU.
--------------------------------------------------------------
Roger D.
Seielstad - MTS MCSE MS-MVP
Sr.
Systems Administrator
Inovis
Inc.
-----Original
Message-----
From:
Chris Flesher [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 12:49
PM
To:
[EMAIL PROTECTED]
Subject: RE: [ActiveDir] Group
Policy question
Guido, that's
not quite what I had in mind. Two OU's that are not hierarchical to each
other. It could be a flat OU architecture. Two seperate OU's that have
gpo's applied to a group. If a user is a member of both groups, which
gpo will take precedence? Maybe it's a dumb question but it was posed to
me by a higher up and I can't find anything about this scenario in
technet.
Chris
Flesher
The University
of Chicago
NSIT/DCS
1-773-834-8477
-----Original
Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO
(HP-Germany,ex1)
Sent: Monday, July 21, 2003 10:43
AM
To:
[EMAIL PROTECTED]
Subject: RE: [ActiveDir] Group
Policy question
I guess
you're using the groups to filter for whom a GPO is applied - but
you're not applying a GPO to a group ;-) It doesn't matter which
OU the group resides in, it simply matters, which OU the respective
GPO is applied to.
Assuming
you're talking about applying two GPOs to the same OU - each with a
separate Group used for filtering, then you can set the priority of
the GPO processing order directly on the OU on the Group Policy
tab.
From:
Chris Flesher [mailto:[EMAIL PROTECTED]
Sent: Montag, 21. Juli 2003
17:18
To:
[EMAIL PROTECTED]
Scenario: a
user is a member of two groups. Each group is in a seperate OU. A gpo
is applied to each group. Which gpo will take precedence for that
user? In other words, which will be the last to be applied and get the
settings applied to that user?
Chris
Flesher
The
University of Chicago
NSIT/DCS
1-773-834-8477
|
