GP not working under Container

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello, I don't understand why my GP is not working under my new Unit that I
have created.
The Primary GP works which is located at the root of the Organization unit I
just cannot get this new GP to work. Please help.

Thanks,

Firenet
 
Howdy!
Hello, I don't understand why my GP is not working under my new Unit that I
have created.
The Primary GP works which is located at the root of the Organization unit I
just cannot get this new GP to work. Please help.
Click to expand...

The OU you linked your GP to, did you move user or/and computer objects
in there? They need to reside in the OU the GP is applied to, in order
to geht the settings applied. Remember that UserConfig- settings only
apply to users and CompConfig- settings only to computers (by default).

cheers,

Florian
 
Howdy!

Florian said:
The OU you linked your GP to, did you move user or/and computer objects
in there? They need to reside in the OU the GP is applied to, in order
to geht the settings applied. Remember that UserConfig- settings only
apply to users and CompConfig- settings only to computers (by default).
Click to expand...

After re-reading your posting: You know that Policies linked to
Containers will *not* work. The only exception is the Default Domain Policy.

Create a new OU, put the objects you want the Policy to affect into that
OU and link the GP to the OU.

cheers,

Florian
 
Florian, you wrote "Create a new OU, put the objects you want the Policy to
affect into that OU and link the GP to the OU."

Okay I created a new OU and put my object (users) in there. Now this is the
part I don't understand. Do you want me to link to the Default Domain
Policy? if so the default Domain Policy was never modified by me because I
was told it should not be modified. If I modify the Default Policy or create
a new policy at the main/top level OU will my lower OUs inherit the new
policy and cause me problems?
I just need a new GP for one OU but I think you said that will not work.
Please explain.

Thanks

Firenet
 
Hi,

Create a New Group Policy on the OU that you just created. You don't need to
link to the Domain Group Policy because policies from above (Domain) are
inherited anyway. That was good advice to leave the Domain Group Policy
alone especially if you are unsure. Changing it can cause problems and it is
best to only make changes to the Domain Policy if you are sure of what you
are doing.

The nice thing about creating your own policies is if you mess them up you
can just delete them and everything goes back to where it was before.
However, you cannot delete the Default Domain Policy or the Default Domain
Controllers policy because you can never "recreate" them and deleting them
will mess up your domain.

Cheers,
Lara
 
Howdy!
Florian, you wrote "Create a new OU, put the objects you want the Policy to
affect into that OU and link the GP to the OU."

Okay I created a new OU and put my object (users) in there. Now this is the
part I don't understand. Do you want me to link to the Default Domain
Policy? if so the default Domain Policy was never modified by me because I
was told it should not be modified. If I modify the Default Policy or create
a new policy at the main/top level OU will my lower OUs inherit the new
policy and cause me problems?
Click to expand...

Maybe we talk about two different things ;) I assume that you want to
deploy a certain setting to your users, maybe a desktop setting or
something like that. So, after you created a OU (as I assume that you do
not want to have this setting applied to all users in your domain) and
put your users into it, you create a new GP with the settings you want
the users in the newly created OU to have. Then link the policy to the
OU. All users located in that OU will now get the settings applied.

Not altering the Default Domain Policy is a very good idea. You might
want to create a new GP at domain level and make your settings there.
This would be a good idea if you wanted to have all your domain's users
to apply specific settings like a domain-wide wallpaper etc.

The policy precedence is L-S-D-OU which means, that conflicting settings
will be overwritten in the order: Local - Site - Domain - OU (- SubOU).
Local Policies will be overwritten by site policies (that) will be
overwritten by domain policies that will be overwritten by OU specific
policies, that will be overwritten..

I hope I could make it a little clearer.

cheers,

Florian
 
Back
Top