Hi all, I'm trying to be clever with my use of a group policy but
failing miserably. Wonder if someone can advise....
I want to use the same group policy to lock down a particular type of
server on several sites for TS use.
I've written and tested the GP and that's fine.
Within AD I've created an OU and a number of sub OUs, one for each
location. Eg. SITEA, SITEB, SITEC
I've linked the single GP to each of these OUs and will move the
relevant servers into them.
However.... Each site has a group of users for whom I don't want the
lockdown to apply (admins) . This group is different depending on the
site.
I though that I would be able to use the Deny permission in each OU but
this is applying to the GP rather than the OU and is therefore meaning
that each site's admin group has access to the other sites'
servers.
Am I doing this wrong or will I need to create a different GP for each
site in order to be able to permission it in this way?
Any pointers much appreciated.
Graeme
|
Similar Threads
