Re: Group policy to apply only to some workstations

Lanwench,

Is it safe to assume that moving computers out of SBSComputers and into a
new OU under MyBusiness > Computers will not cause them to lose any
settings? The reason I was looking at putting it under SBSComputers is
because I thought that the SBSComputers OU had specific settings that I
needed to keep. I thought that keeping it under SBSComputers would make all
those settings apply, and add only what I make in the new GPO.

I do not understand group policy very much, so I will do as you suggested,
of course!

Gregg Hill





"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OIRScTKpIHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
Gregg Hill <bogus@xxxxxxxxxxx> wrote:
Hello!

I want to create a group policy to lock down a client's computers in
the factory, but not the ones in the office. I have a lock-down GPO
for terminal servers that works perfectly, but it is in an OU outside
of the normal SBS OU structure, i.e., it is directly under the
office.lan domain in ADUC.
I want all normal SBS GPO settings for "SBSComputers" to apply to
these workstations, and add the restricted GPO settings. I am
thinking that I can create a sub-container(?)

An OU (not a sub-anything)

such as "MyBusiness >
Computers > SBSComputers > Restricted Computers" and move the desired
computers to that sub-container.

Put it under MyBusiness\Computers, not under SBSComputers.

Note that any computer (not user) specific GPO settings applied at a
higher level (e.g., the domain or MyBusiness or Computers will be applied.

Remember to always create your own GPOs - don't edit the defaults - and be
very careful with what you do. You may want to implement loopback
processing in the Restricted Computers GPO. Test first!

Am I even close to being on the right track? If not, would someone be
so kind as to throw the switch for me?

Thank you!

Gregg Hill





.

Relevant Pages

  • Re: Group policy to apply only to some workstations
    ... Inheritance" tab under SBSComputers, it shows a bunch of linked GPOs. ... I guess the next question would be "Why do the computers even need to be ... I have a lock-down GPO ... I want all normal SBS GPO settings for "SBSComputers" to apply to ...
    (microsoft.public.windows.server.sbs)
  • Re: Group policy to apply only to some workstations
    ... Inheritance" tab under SBSComputers, it shows a bunch of linked GPOs. ... settting to only select computers or block some standard SBS (domain GPO) ...
    (microsoft.public.windows.server.sbs)
  • Re: Group policy to apply only to some workstations
    ... Gregg Hill wrote: ... the GPMC and clicked on SBSComputers, and there are no GPOs linked. ... I guess the next question would be "Why do the computers even need ... GPO) settings from applying to select computers? ...
    (microsoft.public.windows.server.sbs)
  • Re: ADUC & SBS groups
    ... MyBusiness and SBSComputers are both OUs. ... icons are different - when you look at them in the Group Policy Management ... the workstation, and I agree that you should be able to perform normal ... the Add Computer wizard in SBS places the computers in the latter ...
    (microsoft.public.windows.server.sbs)
  • Re: Group policy to apply only to some workstations
    ... Inheritance" tab under SBSComputers, it shows a bunch of linked GPOs. ... settting to only select computers or block some standard SBS (domain GPO) ...
    (microsoft.public.windows.server.sbs)