GPOs only apply to user and/or computer accounts and nothing else!

Said another way: the objects to be managed (users and/or computers) must fall within the scope of management (SOM) of a GPO that is linked to some OU (the objects must be directly in the OU the GPO is linked to or in a sub-OU of it).

Using security groups is an option for security filtering. So let's say you have an OU with 1000 users and you link a GPO to that same OU (remember the SOM!), BUT you only want the GPO to apply to the first 500 users and not the second 500 users. One of the ways to do that is to create a security group somewhere in the domain (I mean: its location is not important for this to work) and give that security group READ and APPLY to the GPO that is linked to the OU with the objects it should apply to. Don't forget to remove READ and APPLY for authenticated users! Now, to make sure the GPO only applies to the first 500 users, make sure the first 500 users are members of that security group that has READ and APPLY to that GPO! The second 500 users will never look at or apply that GPO because they will not see it.

cheers,
jorge
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, June 16, 2006 12:40
To: [email protected]
Subject: [ActiveDir] Group Policy not working?!
Windows 2000 Domain in Native Mode (Test Environment)
1 Domain
3 OUs (FactoryOU, RaceTeamOU, TestTeamOU)
In each of the OUs is a Security Group - Global
In each of the groups we have placed the users & computers relevant to that group.
The default domain policy takes effect with no problems but we are unable to get the Factory, RaceTeam or TestTeam policies to work unless we take them out of the security group and place them directly into the OU.
Do GPOs work with groups or is it only users?
Chris.
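The security-filtering steps and the scope-of-management requirement from the reply above, as an added PowerShell example that is not part of the original thread. It assumes the GroupPolicy and ActiveDirectory modules are available; the GPO and group names are hypothetical.

```powershell
# Added example; GPO and group names are hypothetical, not taken from the thread.
Import-Module GroupPolicy, ActiveDirectory

$GpoName   = 'Factory Policy'      # hypothetical GPO name
$GroupName = 'Factory-GPO-Apply'   # hypothetical security group

# Security filtering: GpoApply grants Read + Apply Group Policy to the group.
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# Remove Authenticated Users from the GPO, as the reply describes.
# Caveat: on clients with MS16-072 installed, user policy is retrieved in the
# computer's security context, so the computer accounts need Read on the GPO too.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace | Out-Null

# Scope of management: find every OU the GPO is linked to.
# Only OU links are checked here (not domain or site links), and a disabled
# link is still listed in LinkedGroupPolicyObjects.
$gpoGuid   = (Get-GPO -Name $GpoName).Id.ToString()
$linkedOus = @(Get-ADOrganizationalUnit -Filter * |
    Where-Object { $_.LinkedGroupPolicyObjects -like "*$gpoGuid*" })

# Report each group member and whether it sits in or below a linked OU.
# Group membership alone does not put an account in scope.
Get-ADGroupMember -Identity $GroupName -Recursive | ForEach-Object {
    $dn = $_.distinguishedName
    $ou = $linkedOus | Where-Object {
        $dn.EndsWith(',' + $_.DistinguishedName, [StringComparison]::OrdinalIgnoreCase)
    } | Select-Object -First 1
    [pscustomobject]@{
        Member   = $_.SamAccountName
        Class    = $_.objectClass
        InScope  = [bool]$ou
        LinkedOU = $ou.DistinguishedName
    }
} | Sort-Object InScope, Member | Format-Table -AutoSize
```

Members reported with `InScope` set to `False` are in the filter group but outside every linked OU, which is the situation described in the original question.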
