Re: Group policy to apply only to some workstations

Gregg Hill wrote:
Lanwench,

Is it safe to assume that moving computers out of SBSComputers and
into a new OU under MyBusiness > Computers will not cause them to
lose any settings? The reason I was looking at putting it under
SBSComputers is because I thought that the SBSComputers OU had
specific settings that I needed to keep. I thought that keeping it
under SBSComputers would make all those settings apply, and add only
what I make in the new GPO.
I do not understand group policy very much, so I will do as you
suggested, of course!

Gregg Hill


SBS (default) Group Policies are Domain and Domain Controler OU level
linked.

The wizards create the objects in those OUs. I usually create a child OU
under the SBS default ones where special policies need to be applied for a
machine or user subset when I choose not to use security filters.







"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:OIRScTKpIHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
Gregg Hill <bogus@xxxxxxxxxxx> wrote:
Hello!

I want to create a group policy to lock down a client's computers in
the factory, but not the ones in the office. I have a lock-down GPO
for terminal servers that works perfectly, but it is in an OU
outside of the normal SBS OU structure, i.e., it is directly under
the office.lan domain in ADUC.
I want all normal SBS GPO settings for "SBSComputers" to apply to
these workstations, and add the restricted GPO settings. I am
thinking that I can create a sub-container(?)

An OU (not a sub-anything)

such as "MyBusiness >
Computers > SBSComputers > Restricted Computers" and move the
desired computers to that sub-container.

Put it under MyBusiness\Computers, not under SBSComputers.

Note that any computer (not user) specific GPO settings applied at a
higher level (e.g., the domain or MyBusiness or Computers will be
applied. Remember to always create your own GPOs - don't edit the
defaults -
and be very careful with what you do. You may want to implement
loopback processing in the Restricted Computers GPO. Test first!

Am I even close to being on the right track? If not, would someone
be so kind as to throw the switch for me?

Thank you!

Gregg Hill

--
/kj


.

Relevant Pages

  • Re: Group policy to apply only to some workstations
    ... Inheritance" tab under SBSComputers, it shows a bunch of linked GPOs. ... I guess the next question would be "Why do the computers even need to be ... I have a lock-down GPO ... I want all normal SBS GPO settings for "SBSComputers" to apply to ...
    (microsoft.public.windows.server.sbs)
  • Re: Group policy to apply only to some workstations
    ... new OU under MyBusiness> Computers will not cause them to lose any ... The reason I was looking at putting it under SBSComputers is ... I have a lock-down GPO ... I want all normal SBS GPO settings for "SBSComputers" to apply to ...
    (microsoft.public.windows.server.sbs)
  • Re: Group policy to apply only to some workstations
    ... Inheritance" tab under SBSComputers, it shows a bunch of linked GPOs. ... settting to only select computers or block some standard SBS (domain GPO) ...
    (microsoft.public.windows.server.sbs)
  • Re: Group policy to apply only to some workstations
    ... Gregg Hill wrote: ... the GPMC and clicked on SBSComputers, and there are no GPOs linked. ... I guess the next question would be "Why do the computers even need ... GPO) settings from applying to select computers? ...
    (microsoft.public.windows.server.sbs)
  • Re: ADUC & SBS groups
    ... MyBusiness and SBSComputers are both OUs. ... icons are different - when you look at them in the Group Policy Management ... the workstation, and I agree that you should be able to perform normal ... the Add Computer wizard in SBS places the computers in the latter ...
    (microsoft.public.windows.server.sbs)
Loading