linking group policy in 2003 server

Guest

Hi all,
I just started using the 2003 gp. My question is:
I have a master group policy that affects all users which has a screensaver
enabled.
I created a second group policy for users who I want to disable the
screensaver.
When you are linking policies to a user group which policy is read last and
is it the settings used?
Example of link:
1. master policy with screensaver
2. policy disabling screensaver
Should the order of the link be as above and will the group assigned to the
disabled policy override the master policy? (or does enabling override
disabling?)
 
Steven L Umbach

Group Policies are applied from the bottom up in the list of GPOs in a
container, which means the one at the top has highest precedence. What you
need to do however is to put the users in different Organizational Units
with separate GPOs linked to them, or at least the users you want to have a
different policy in another OU, or "filter" the GPO so that it will only
apply to the users that you want. You can filter a policy in its
properties/security and give only the group apply permissions instead of
authenticated users that you want the policy to apply to. The link below may
help. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;322176
 
lforbes

Hi,
When you are linking policies to a user group which policy is read
last and is it the settings used?

The GP closest to the user gets read last and is the one that sticks.

Therefore set your enable Screensaver at either the Domain Level or an
OU below it that contains your users. Inside the OU that contains your
users create a second OU for the users who have a disabled
screensaver. Put the Disable Screen Saver Group Policy on the child OU.
You don't need to block inheritance or anything. As the setting is
the opposite of the one set above then it will be the one that rules.

Eg.

Domain
----My UsersOU (Enable Screensaver GP)
--------My Other UsersOU (Disable Screensaver GP)

I do this all the time and it works great.

Cheers,

Lara
 
Bruce Sanderson

To clarify some of the other posts, Group Policies do not apply to Groups,
only to user accounts or computer accounts in Organisational Units to which
the GPO is linked and OUs inside the one the GPO is linked to (GPO
links are inherited). The only thing you can do with Groups with respect to
Group Policies is to control access to the Group Policy (normal object
security) - you can prevent members of a group from reading or Applying a
Group Policy. So, you can prevent a Group Policy from being applied to
members of a Group, but you can not force a Group Policy to apply to Group
members - only to users or computers in an OU.

There is no way to "link" a Group Policy Object to a Group.

If a GPO is linked to (or inherited by) an OU that does not contain user
accounts or computer accounts, that GPO link will have no effect on
anything.
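
The precedence rules described in the replies above (link order within a container, inheritance down the OU tree, and security filtering), modelled as an added Python example that is not part of the original thread. All GPO, OU and group names are constructed, and the model assumes only domain and OU links: it leaves out Enforced/No Override, Block Inheritance, and site and local policy.

```python
from dataclasses import dataclass, field
from typing import Optional

EVERYONE = "Authenticated Users"  # default group holding Apply Group Policy

@dataclass
class GPO:
    name: str
    settings: dict
    apply_groups: set = field(default_factory=lambda: {EVERYONE})

@dataclass
class Container:  # a domain or OU; links[0] is the top of the link list
    name: str
    links: list
    parent: Optional["Container"] = None

def resultant(user_groups, ou):
    """Return {setting: (value, winning GPO)} for a user whose account is in `ou`."""
    groups = set(user_groups) | {EVERYONE}
    chain = []
    while ou is not None:            # collect the user's OU, then its parents
        chain.append(ou)
        ou = ou.parent
    result = {}
    for container in reversed(chain):            # domain first, closest OU last
        for gpo in reversed(container.links):    # bottom of the list first, top last
            if not (gpo.apply_groups & groups):  # security filtering: no apply right
                continue
            for key, value in gpo.settings.items():
                result[key] = (value, gpo.name)  # later writes win
    return result

# Constructed sample data, modelled on the thread's screensaver question.
master = GPO("Master", {"screensaver": "enabled"})
filtered = GPO("NoSaver-Filtered", {"screensaver": "disabled"}, {"NoScreensaver"})
unfiltered = GPO("NoSaver", {"screensaver": "disabled"})

domain = Container("Domain", [])
# Filtering approach: both GPOs on one OU, the filtered one at the top of the list.
staff = Container("Staff", [filtered, master], domain)
# Child-OU approach: the disabling GPO is linked closer to the user.
my_users = Container("My Users", [master], domain)
my_other_users = Container("My Other Users", [unfiltered], my_users)
# An OU with no link to the filtered GPO: group membership alone does nothing.
elsewhere = Container("Elsewhere", [master], domain)

if __name__ == "__main__":
    print(resultant({"NoScreensaver"}, staff), resultant(set(), my_other_users))
```

Swapping the two links on the `staff` container puts the master GPO at the top of the list, and group members then get the screensaver back.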
 
