gpo not applying to computers

M

Michael

I could really use some help on this. I've applied a gpo to an OU
which has users and a security group in it. I am setting up an SUS
server so this is the purpose of the gpo. I edited the gpo and it
actually applied to all computers including servers. I quickly deleted
the gpo and realized that I didn't remove the authenticated users from
the security tab. But here is what I don't understand, there were no
computers in the gpo, all our computers are in the actual "computers"
folder in AD. Also, when I try to just apply the gpo to an OU and then
add a specific computer with read and apply permissions, it actually
changes the name so it reads in the security tab;
testworkstation92$(somedomain\testworkstation90) for instance where
the actual correct name of the workstation is workstation90? I am
totally confused. If our computers do not appear to be in any OU other
than in the computers folder under the AD domain, does that mean I
have to set all gpo's at the domain level and then filter everything
out from there? I've spent days on this and would really appreciate
any help. Thanks
 
J

jasont

your computers are supposed to be in the computers
folder, you should not put those pc's into any ou. If you
want to apply a gpo to a computer you would just have to
go under computer configuration instead of user
configuration.
 
J

Jason

Create an OU/OUs for the computers, move the computers to
the OU/OUs and apply the GPO to the OU/OUs. Make sure
that the settings are done under "computer
configuration," not "user configuration." It's very easy
to test these things without affecting your entire
network. Just create a test OU and move your computer or
a test computer to it, then apply the GPO to it. If you
get the desired results, then you can move the rest of
the computers to that OU.
 
M

Michael

Thanks for the response. As you can see this advice contradicts what
the previous user suggested. This is why it gets confusing. There are
differing views on moving computers out of the computers folder and
into OU's. I would think your suggestion is correct, but I don't want
to start moving them out if this will require more admin work in the
future. Thanks for your help.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO not applying 1
gpo filtering 1
Computer settings in GPO not applying to computers 1
GPO IE Zone Mapping issue on TS 2
User GPO not applying unless linked to computers 6
OU Users or OU computers 2
gPO won't take effect 2
GPO not applying to child OU's 0

Top