Apply group policy's to groups not OU's

K

Kevin

I have users that sit under one OU that I should receive
different group polices. I have tried creating a seperate
OU and added a group policy to it. And under that OU I
added a group(restricted) which should use the policy. How
come I can't make apply the group policy to the members of
that group(restricted)?
 
J

Jimmy Andersson [MVP]

GPOs don't apply to groups, only to users and/or computers. But you can use
a group to filter the GPO. So in your case you must link the GPO to a OU
that contains the users.
In order for a GPO to affect an object, the object must have Read and Apply
rights.

Regards,
/Jimmy
 
C

Chriss3

Hello Jimmy and Kevin

In his case he have to remove read and Apply Group Policy from Authenticated
Users to start with, if he just add the object as you said Jimmy a group or
user, it will applay to all sub-objects under that OU anway. after you have
remove the Authenticated Users, or remove the rights read and Apply Group
Policy you have to add the group with a coupel of objects users or
computers, or the object directly, then make sure you give them the
premission read and apply Group Policy. Jimmy technet live was very
intressting, i did't pick or mail adress up, if you have te time send me a
e-mail at (e-mail address removed)

//Christoffer Andersson
 
J

Jimmy Andersson [MVP]

The Authenticated Users group are only affected if he link the GPO "high up"
in the AD design, remember that this group is dynamic. What he should think
about is to what OU he links the GPO, that will be the key issue in this
case.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
 
C

Chriss3

yeah. sure it is dynamic but dose'nt that gorup includes all logged in
users? lets say we have the follow desgin:

Domain Node
|-OU <- GPO Policy with Security Settings Authenticated Users
read|applie gorup policy and Group Policy Users read|applie gorup policy

this policy will no applie to all ojects in the OU anyway, are i'm wrong?

//Christoffer Andersson
 
J

Jimmy Andersson [MVP]

In that scenario it will apply to all users that are authenticated in that
particular OU.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

LOGIN SCRIPTS AND OU'S 1
Restricted Groups 3
Group Policy Problem 3
OU Exceptions. 4
Groups and OU's 3
Restricted Group 1
groups and OU's in ad 3
Problem with restricted groups 3

Top