OUs and Sites

  • Thread starter Thread starter Luis Jesus
  • Start date Start date
L

Luis Jesus

Hi all,

Here is my situation. I have one domain xyz.com and have
two sites within this domain. These two sites are well
connected (128kb line). I was just wondering how I should
go about settting up policies for these two sites. I
would like to setup two policies, one per site (already
have on domain wide policy).

The other important question is the logon script. Most
people using portable computers either logon at one site
or the other and the logon scripts map different network
drives. My question is: Is there anyway to force a
client (portable computer) to use the logon script of the
site he is on??

Last but not least, how should I go about organizing
groups. I have an 5 types of groups (computer) right now
domain_pcs_site1, domain_pcs_site2, domain_servers_site1,
domain_servers_site2 and finally domain_portables.

Any ideas??

LJ
 
Hi LJ,

If you open the properties for the site objects you
should see a group policy tab. You can use this to
instituate policies on a per-site basis.

I believe on such policy constrols the logon scripts - so
you should be able to set the logon scripts per site
using the same policy object.

I don't really understand your last question concerning
computer groups. Such questions are usually bounded by
how exactly your organization is set up. The general
rule of thumb is do whatever is easiest for you to
administer.

Hope this helps,
Tony Yuhas
Microsoft
Active Directory Tools
 
Luis,

If I am reading your situation correctly, what you could do is create a site
policy on each site, remove the authenticated users from the permissions on
the group policy, add the domain_portables group and give the group Read and
Apply Group Policy permissions. The policy will only apply to the computer
account and not the user account (make sure the laptops are a member of the
group). In applying the policy you would only have the ability to implement
startup and shutdown scripts.

Another way to do it would be to create a group such as "Mobile Users" (you
would need to add the mobile user accounts to the group), then apply the
policy to the group. If the user gets a logon script from a domain/OU
policy, then the site policy will get overwritten. The way policies are
applied in order are Local, Site, Domain, OU.
 
Back
Top