Re: GPO ISSUE

It seems like your making things a little complicated for yourself.
Just remeber, applying GPOs to OUs is the easiest way to do this but
it means you have to have a well structured AD. I have mine set-up
with a general users OU, manangers OU, general machines OU, managers
OU. These 4 OUs mean I am able to apply any number of user or machine
GPOs.

Hope that helps a bit.

Good luck

On Oct 16, 2:24 pm, intel <in...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I created 2 GPO's. One called DesktopStandard and one called Desktopsearch.
Under Domain Global Groups I created another OU called Deployment Software
Global. The 2 groups are Desktopstandard Computers and Desktopsearch
Computers. Under Domain Local Groups I created another OU called
Deployment Software Local. The 2 groups here are called Desktopsearch
Group and Desktopstandard Group.
I have the Computers that I want to get these in the Domain Global group
(ex. PC named NY5500 (in Laptop OU) is a member of Desktopstandard
Computers)and Desktopstandard Computers would be a member of Desktopstandard
Group.
I have the GPO's link to both the Domain Controllers OU and Computers OU (I
created an OU named NY and under that I have an OU named Computers and under
that Laptops and then Workstations). When I run Group Policy Modeling on the
Computer OU it shows that both GPOS get applied. When I run it on NY5500 I
get that they are denied due to security filtering.
For Security filtering I removed Auth Users and for Desktopstandard GPO I
add Desktopstandard Group and for Desktopsearch I removed Auth Users and
added Desktopsearch group.
Now for the GPO linked to the Domain Controllers OU I have a Server named
Viper (in Domain Controllers OU) and the security filtering is the same and
it works.
I am just confused on why it works for the Domain Controllers OU but not for
the Computers OU especially when I run the Group Policy Modeling on the
Computers OU and it shows that they GPO's should be applied.
For the Desktopsearch GPO when I go to the GPO and select Delegation -
Advanced Desktopsearch Group has READ APPLY GPO and for
Same for Desktopstandard expect Desktopstandard Group has the READ APPLY GPO
rights.
Any help is greatly appreciated.


.

Relevant Pages

  • Re: GPO ISSUE
    ... Again I am just finding it weird that in Group Policy ... Computers and that is broken up between Laptops and Workstations. ... The 2 groups are Desktopstandard Computers and Desktopsearch ... For Security filtering I removed Auth Users and for Desktopstandard GPO ...
    (microsoft.public.windows.server.active_directory)
  • Exclude some users and computers form logout script
    ... Sales OU has SalesUsers OU and Sales Computers OU, ... There is also All Users GPO linked to domain that defines logout ... However it does not restrict other users from running logout scripts ... on Test Machines and Domain Controllers because Logout scripts are ...
    (microsoft.public.win2000.group_policy)
  • Exclude users and computers form logout script
    ... Sales OU has SalesUsers OU and Sales Computers OU, ... There is also All Users GPO linked to domain that defines logout ... However it does not restrict other users from running logout scripts ... on Test Machines and Domain Controllers because Logout scripts are ...
    (microsoft.public.windows.server.active_directory)
  • Re: GPO ISSUE
    ... Permissions are set under GPO properties "Security Filtering" ... To apply a GPO you need Read and Apply GPO rights, ... The 2 groups are Desktop Search Computers and ... DesktopSearch Group and DesktopStandard Group. ...
    (microsoft.public.windows.server.active_directory)
  • Re: GPO ISSUE
    ... Computers and that is broken up between Laptops and Workstations. ... The 2 groups are Desktopstandard Computers and Desktopsearch ... I have the GPO's link to both the Domain Controllers OU and Computers OU (I ... For Security filtering I removed Auth Users and for Desktopstandard GPO I ...
    (microsoft.public.windows.server.active_directory)