Hi, OU design caters for many things (delegation of administration is one, and management of GPO complexity is another). You generally want to limit the number of GPOs that need to be processed during logon, so an OU structure that logically groups users and computers into those that have common GPOs applying is generally a design goal (and it's in the Microsoft GPO design advice on TechNet as well). That said, I would rarely create a new OU for no other reason than to apply a single GPO to them...
Cheers Ken From: Mike Gill [mailto:[email protected]] Sent: Thursday, 6 August 2009 2:35 AM To: NT System Admin Issues Subject: RE: UO vs Security Filtering - WAS: Group Policy Doesn't apply It seems I have noticed lately on the list, people using OU's for assigning group policies to people or groups of people which are not used to delegate special rights over that OU. It's my understanding that this is what OU's were meant for, even though this method would also work. If I were to do this, I would create a policy, and assign the user (or user group if applicable) to the security filtering box in that policy. It seems cleaner and with less steps this way. So my questions is, why would one choose the OU method over the Security Filter method for situations like this where simple policy settings are to be applied to a single or small group of users? -- Mike Gill From: David W. McSpadden [mailto:[email protected]] Sent: Wednesday, August 05, 2009 7:06 AM To: NT System Admin Issues Subject: Group Policy Doesn't apply Win2k3 DC, WinXpProsp3 client Created the No Internet Policy on the DC to put in 127.0.0.1 for the proxy addresses. Created an OU on the DC for No Internet Applied the policy to the OU. Moved user to the OU. User still gets to the Internet even after a GPUPDATE /Force and reboot. RSOP says two policies exist No Internet (Higher) Domain Default GPResults show No Internet Not applying but nothing in the events (that I can see) on the client or the DC??? What gives??? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
