On Mon, Aug 3, 2009 at 11:52 PM, Ken Schaefer<[email protected]> wrote: > Whilst the particular case might be simple ... I can just see this > getting out of hand.
So don't do that, then. :) Microsoft tells people "no" all the time. That can be one more of those. > People will want to be able to do this to groups as well as users ... Once you move beyond a single user, it seems like the transition to OUs is obvious. Or create the GPO and filter to that group, no problem. You're already maintaining the group, so no big. Heck, here's another idea: A button in the AD group dialog that automatically creates a GPO (prompt for OU) and filters it to just that group, then opens it for editing. (Or just edits if already existing.) Basically a macro/wizard for what is a very common task. In our case, we just have a few GPOs with names like "THERMAL account" and "ENTEK account" and "THMCNC account" so on. It's decidedly inelegant. I imagine a larger company could have tens, even hundreds, of stupid one-off GPOs like that. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
