Sorry, but I'm failing to see why this particular feature request is one that should go in, but inevitable requests for additional extensions to the functionality should not :-)
Most larger companies I've seen, tend to use groups or OUs to manage this (optionally with some 3rd party front-end to handle version control, delegation and promotion of GPOs between environments). Cheers Ken -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, 4 August 2009 2:54 PM To: NT System Admin Issues Subject: Re: GPO for a single user On Mon, Aug 3, 2009 at 11:52 PM, Ken Schaefer<[email protected]> wrote: > Whilst the particular case might be simple ... I can just see this > getting out of hand. So don't do that, then. :) Microsoft tells people "no" all the time. That can be one more of those. > People will want to be able to do this to groups as well as users ... Once you move beyond a single user, it seems like the transition to OUs is obvious. Or create the GPO and filter to that group, no problem. You're already maintaining the group, so no big. Heck, here's another idea: A button in the AD group dialog that automatically creates a GPO (prompt for OU) and filters it to just that group, then opens it for editing. (Or just edits if already existing.) Basically a macro/wizard for what is a very common task. In our case, we just have a few GPOs with names like "THERMAL account" and "ENTEK account" and "THMCNC account" so on. It's decidedly inelegant. I imagine a larger company could have tens, even hundreds, of stupid one-off GPOs like that. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
