Group Policies - Test Environment

[Guest]

I have been trying to test group policies, and to tell you the truth, I'm a
little confused. I have an OU with two computer accounts in it...mine and
another workstation in my office. I have removed Office from the other
workstation and I have been trying to set up gp so that it will install
Office on it. The biggest part of my confusion is, I guess you could say,
the 'scope' of the gp effect. If I create the gp in the OU, is that the
extent of the gp effect...in other words, are the two computer accounts in
the OU the only ones affected by this gp? If so, where does the application
of using the Security tab (when you click the Properties) button come in?

 

[Steven Platt]

Yes, only the objects inside the OU that the GPO is applied to are affected.
The security tab is there to limit access to the GPO itself. For instance,
Authenticated Users can read the GPO but not modify. The reason they need
to read the GPO is so the policies you have enforced are applied to them.

-Steven-

 

[Guest]

So, if I have an OU with just my computer account in it, with log-in locally
specified, all Authenticated users in the group that I designate can log-on
to my pc, but 'only' my pc, right?

 

[Steven Platt]

No, the setting you speak of is set for the computer inside that OU. Which
means that there aren't any restrictions placed on the users outside of that
OU. The users (given there are no other restrictions) would be allowed to
login locally on other machines.

If you want to restrict the "login locally" to a user then you should tell
the user which machines they are allowed to login to. You can do this in AD
Users and Computers-->right-click username-->properties-->account
tab-->"Login on to..." There you can set the machines that specific user
has local access to.

-Steven-