Re: GPO for servers only

From: Phillip Windell (_at_.)
Date: 02/09/05


Date: Wed, 9 Feb 2005 11:19:25 -0600

The best way is to have the servers in an OU and apply the GPO to the OU.
You control what it affects by where you apply it in the "tree".

Here is an example of what an AD tree I would use looks like (each "--" is an OU).
Even though NT4.0 doesn't partake in AD I still have the OUs with the
machines in them for organizational purposes. Notice there is a "disabled
users" OU for former employees where the disabled accounts would be kept
instead of deleting the accounts.

[Domain]
    --Domain Computers
            --NT4.0 WorkStations
            --Windows 2000 Pro
            --XP Pro with SP1
            --XP Pro with SP1
    --Domain Controllers
    --Domain Servers
            --Server 2003
            --Server 2000
            --NT4.0 Server
    --Domain Users
            --ISA Users
                    --Accounting
                    --Engineering
                    --Production
                    --Sales
                    --Special ISA User Accounts
            --Special User Accounts
    --Disabled Users

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"TechMasters" <kiosk@comcast.net> wrote in message
news:jggi01dea0q4h7nr58p6p66eu58cbceri3@4ax.com...
>
>
> Thanks, I want to use GPO filtering but is there any performance issue
> associated with GPO processing from having to do it this way? (i.e.
> does a large group membership enumeration of the GPO filter slow
> down its processing?)
>
> On Tue, 8 Feb 2005 15:34:12 -0600, "Steven L Umbach"
> <n9rou@nospam-comcast.net> wrote:
>
> >You could either put the servers in an OU or use "filtering" so that the
> >apply permissions for that GPO only applies to a global group you create and
> >then put those servers computer accounts into that group. See the link below
> >for the section on filtering Group Policy.  --- Steve
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-us;322176
> >
> >"TechMasters" <kiosk@comcast.net> wrote in message
> >news:me3i019ps0avertlubaskjchmfoimc3mm2@4ax.com...
> >>
> >> Hi,
> >> I need to implement a GPO through my entire domain (one only) which only
> >> applies to servers though, and not the workstations. Is this possible?
> >> I would like the GPO to be set at the Domain level and apply to
> >> servers only, not anything else....thanks!
> >
>
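
The two approaches discussed in this thread (linking the GPO to a servers OU, or linking it at the domain and using security filtering on a global group), written with the RSAT ActiveDirectory and GroupPolicy PowerShell modules. This is an added example, not part of the original posts; the GPO name, group name and `$Mode` switch are hypothetical, and the OU name is taken from the tree above.

```powershell
# Added example: scope a GPO to servers only. Run from an admin workstation
# with RSAT installed. All names are placeholders (assumptions).
Import-Module ActiveDirectory, GroupPolicy

$Mode      = 'OU'                          # 'OU' or 'Filter' (hypothetical switch)
$domainDn  = (Get-ADDomain).DistinguishedName
$serversOu = "OU=Domain Servers,$domainDn" # OU from the example tree
$gpoName   = 'Servers Only Policy'         # hypothetical GPO name
$groupName = 'GPO-Apply-Servers'           # hypothetical global group

# Assumes the GPO does not exist yet.
New-GPO -Name $gpoName | Out-Null

if ($Mode -eq 'OU') {
    # Approach 1: scope by placement. Every computer account in the OU
    # (and its child OUs) processes the GPO; nothing else does.
    New-GPLink -Name $gpoName -Target $serversOu -LinkEnabled Yes | Out-Null
}
else {
    # Approach 2: link at the domain, then restrict who may apply it.
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
                -Path $serversOu
    Get-ADComputer -Filter * -SearchBase $serversOu |
        ForEach-Object { Add-ADGroupMember -Identity $groupName -Members $_ }

    New-GPLink -Name $gpoName -Target $domainDn -LinkEnabled Yes | Out-Null

    # Grant Read + Apply to the server group only.
    Set-GPPermission -Name $gpoName -TargetName $groupName `
                     -TargetType Group -PermissionLevel GpoApply | Out-Null

    # Downgrade the default 'Authenticated Users' entry from Apply to Read.
    # Read is kept so the GPO stays readable; only Apply is removed.
    Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' `
                     -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
}

# Check the result: who has Apply, and where the GPO is linked.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission
(Get-GPInheritance -Target $serversOu).InheritedGpoLinks |
    Select-Object DisplayName, Enabled, Order
```

Computer accounts pick up a new group membership only after a restart, so with the filtering approach run `gpresult /r /scope computer` on a server after its next reboot to confirm the GPO is applied.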

