Apply group policy's to groups not OU's

  • Thread starter Thread starter Kevin
  • Start date Start date
K

Kevin

I have users that sit under one OU that I should receive
different group polices. I have tried creating a seperate
OU and added a group policy to it. And under that OU I
added a group(restricted) which should use the policy. How
come I can't make apply the group policy to the members of
that group(restricted)?
 
GPOs don't apply to groups, only to users and/or computers. But you can use
a group to filter the GPO. So in your case you must link the GPO to a OU
that contains the users.
In order for a GPO to affect an object, the object must have Read and Apply
rights.

Regards,
/Jimmy
 
Hello Jimmy and Kevin

In his case he have to remove read and Apply Group Policy from Authenticated
Users to start with, if he just add the object as you said Jimmy a group or
user, it will applay to all sub-objects under that OU anway. after you have
remove the Authenticated Users, or remove the rights read and Apply Group
Policy you have to add the group with a coupel of objects users or
computers, or the object directly, then make sure you give them the
premission read and apply Group Policy. Jimmy technet live was very
intressting, i did't pick or mail adress up, if you have te time send me a
e-mail at (e-mail address removed)

//Christoffer Andersson
 
The Authenticated Users group are only affected if he link the GPO "high up"
in the AD design, remember that this group is dynamic. What he should think
about is to what OU he links the GPO, that will be the key issue in this
case.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
 
yeah. sure it is dynamic but dose'nt that gorup includes all logged in
users? lets say we have the follow desgin:

Domain Node
|-OU <- GPO Policy with Security Settings Authenticated Users
read|applie gorup policy and Group Policy Users read|applie gorup policy

this policy will no applie to all ojects in the OU anyway, are i'm wrong?

//Christoffer Andersson
 
In that scenario it will apply to all users that are authenticated in that
particular OU.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
 
Back
Top