Re: GPO Policy won't apply.
From: Mike Aubert (mikenews2_at_2000trainers.com)
Date: 01/16/05
- Next message: Yay Deutschland!: "Re: GPO Policy won't apply."
- Previous message: Yay Deutschland!: "GPO Policy won't apply."
- In reply to: Yay Deutschland!: "GPO Policy won't apply."
- Next in thread: Yay Deutschland!: "Re: GPO Policy won't apply."
- Reply: Yay Deutschland!: "Re: GPO Policy won't apply."
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 16 Jan 2005 14:59:42 -0600
Group Policy settings can be under one of two categories:
- Computer Configuration
- User Configuration
The Computer Configuration portion of a Group Policy Object will apply to
any computer accounts in that OU (or Site/Domain).
The User Configuration portion of a Group Policy Object will apply to any
user accounts in that OU (or Site/Domain).
There is no correlation between Computer Configuration and user accounts or
User Configuration and computer accounts (with the exception of loop back
processing, but that's another topic).
You actually have to trace two paths to get all the Group Policy settings -
one for the computer account and one for the user account.
EX:
Say there was a domain called corp.com with an OU called Corp Users and Corp
Workstations. All user accounts are in the Corp Users OU and all the
computer accounts are in the Corp Workstations OU. Now excluding any
local/site policies or loop back processing, here is where the Group Policy
information would come from.
Computer Configuration: corp.com > Corp Workstations OU
User Configuration: corp.com > Corp Users OU
None of the Computer Configuration settings in a GPO tied to the Corp Users
OU will apply, nor will any User Configuration settings in a GPO tied to the
Corp Workstations OU will apply.
Because the setting in group policy you are using is under Computer
Configuration > Windows Settings > Security Settings...you need to be
concerned where the Computer Accounts are in your OU structure, not the user
accounts. You need to make sure the policy applies to the computer
accounts, not the user accounts
------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
www.2000trainers.com
"Yay Deutschland!" <kein@keinespam.de> wrote in message
news:1eAGd.93022$8l.16240@pd7tw1no...
>I setup a GPO policy to display a logon banner on all of the client
>computers under active directory under "Computer Configuration". The policy
>was created on the Domain User's OU (the container where all my users are).
>Right now I setup the securty settings on domain users to "Apply Group
>Policy" at the check box. Am I doing something wrong? Do I need another
>group to "Apply Group Policy" since this is a Computer Configuration and
>not a user configuration?
>
> TIA
>
- Next message: Yay Deutschland!: "Re: GPO Policy won't apply."
- Previous message: Yay Deutschland!: "GPO Policy won't apply."
- In reply to: Yay Deutschland!: "GPO Policy won't apply."
- Next in thread: Yay Deutschland!: "Re: GPO Policy won't apply."
- Reply: Yay Deutschland!: "Re: GPO Policy won't apply."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
