RE: GPO not being applied to OU
- From: Mike W <MikeW@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Apr 2005 11:35:07 -0800
We figured that the computers were part of the "authenticated users" group.
But we didn't try linking the GPO to the "workstations OU" as yet. Will try
that later when most of the users aren't online, just in case murphy decides
to visit me again this week.
Thanks for the info. GPO is starting to become clear in my mind..... ok, no
it's not heheh
"Dave" wrote:
> although you wouldn't think so, authenticated users also contains computer
> accounts as well. when the computer that is part of the domain boots up, it
> actually authenticates with a local domian controller. this then makes it a
> member of the authenticated users group. I am looking for information on this
> "Special Identity Group" but having a hard time finding it. and yes,
> "visiting users" from another OU would have permission to have the GPO
> applied (because as you stated they are in teh authenticated users group) but
> it won't apply because they aren't in the OU itself.....it would never
> attempt to apply it to them.
>
> After reading
> your scenario again though, it sounds like you are applying the GPO only to
> the users OU...only user settings will affect that OU and its users, computer
> settings will be ignored (assuming there are no computer accounts in
> it)....you will need to also link the GPO to the computers OU (or created a
> new GPO with computer settings and link it).
>
>
> "Mike W" wrote:
>
> > I was under the impression that "authenticated users" meant everyone that was
> > authorized to logon the network, regardless of what OU they belong to. All
> > the reference material I have read leans towards that line of thought,
> > although none of them seem to state it directly.
> >
> > "Dave" wrote:
> >
> > > I believe you need to readd authenticated users, as that would include the
> > > computer accounts that you wish to apply it to. visitors from other OUs will
> > > not have user policies applied, as they only apply to users within the OU you
> > > link the GPO to. remember that computer GPO settings will only apply to
> > > computer accounts and the GPO must be linked to the OU that contains the
> > > computer accounts.
> > >
> > > "Mike W" wrote:
> > >
> > > > We have a GPO setup in an OU with the following child OUs: Users,
> > > > Workstations. The GPO is being applied to the users, but not the
> > > > workstations. rsop.msc shows only the local policy in place for the computer
> > > > configuration section of the policy. gpresult.exe says "not applied (reason
> > > > unknown)" for the computer configuration.
> > > >
> > > > In looking at security settings for the GPO, Authenticated users was removed
> > > > and replaced with the group containing the users listed in the Users OU.
> > > > This was done to prevent the policy from being applied to "visitors" from
> > > > other OUs. But by doing this, didn't we end up excluding the computers in
> > > > our OU as well? If so, how would we repair this? Link the GPO to the
> > > > Workstations OU? Change the security setting on the parent OU for the GPO?
> > > > Would this include having to create a security group with all the computers
> > > > listed?
> > > >
> > > > Thanks for the enlightenment.
.
- Follow-Ups:
- RE: GPO not being applied to OU
- From: Dave
- RE: GPO not being applied to OU
- References:
- GPO not being applied to OU
- From: Mike W
- RE: GPO not being applied to OU
- From: Dave
- RE: GPO not being applied to OU
- From: Mike W
- RE: GPO not being applied to OU
- From: Dave
- GPO not being applied to OU
- Prev by Date: RE: GPO not being applied to OU
- Next by Date: RE: GPO not being applied to OU
- Previous by thread: RE: GPO not being applied to OU
- Next by thread: RE: GPO not being applied to OU
- Index(es):
Relevant Pages
|
