Advertisement

06.04.2008 at 07:53AM PDT, ID: 23456888
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.4

GPO Computer Configuration vs. User Configuration

Asked by mtsi in Active Directory, Windows Network Security, Windows 2003 Server

Tags: , ,

Hello All,

I'm having some difficulty with my GPO design.  I have the following OU's:

Company Users (with a "Users Policy" GPO)
Company Computers (with a "Computers Policy" GPO)

All Users (except Domain Admins - I'm leaving them in the default Users container) go into the Company Users OU, and all Computers go into the Company Computers OU.  My goal was to apply a GPO that only had the "User configuration" settings enabled for the Users OU, and a seperate GPO with only the "Computer Configuration" settings enabled for the Computers OU.  It is suggested by MS to break out the computers/users into separate OU's, and it seems to make sense to me.  I have found problems (and confusion) with this approach, and I need some guidance.

Problem #1 - I realized that any computer configuration settings that I set up would apply to ALL users of those client computers, even domain admins.  This is obviously a problem because when my Domain Admins log onto a client machine, I don't want them to have any restrictions.  I can't find much online about this, so I figure I am probably doing something wrong from a basic design standpoint.  There are a few workarounds I've found (ie explicitly DENY the domain admins group from the "Company Computers" GPO, or create another GPO that explicitly allows these settings and have it take precendence), but this doesn't seem like a clean setup.  And I feel like I'm missing something here.  Seems like a weird design.

Problem #2 - While looking through the GPO settings, I noticed several duplicate settings between Computer Configuration and User Configuration.  Why is that?  Why would any of the Administrative Template settings like "User Profiles" or "Logon" be located in the Computer Configuration?  It makes no sense to me.  Seems like the Computer Configuration portion should be for things like services, while the User Configuration portion should be for things like application permissions.

Problem #3 - There are some settings in Computer Configuration that aren't in User Configuration, so I won't be able to use them at all unless I apply them to ALL computers in the domain, and hence the Domain Admins as well.

Can someone shed some light on this for me?  I would realy appreciate it!Start Free Trial
 
Keywords: GPO Computer Configuration vs. User…
Title
1 GPO troubleshooting
2 Winexit.scr GPO
3 Any way to specify GPO's for specifi…
4 2003 ad gpo question
5 GPO problems
6 GPO not applied as a result of Filtering …
 
Loading Advertisement...
 
[+][-]06.04.2008 at 03:40PM PDT, ID: 21714825

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.05.2008 at 06:17AM PDT, ID: 21718984

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.05.2008 at 04:43PM PDT, ID: 21724980

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.06.2008 at 08:28AM PDT, ID: 21729967

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.07.2008 at 09:10AM PDT, ID: 21736019

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.09.2008 at 11:05AM PDT, ID: 21745172

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.09.2008 at 04:03PM PDT, ID: 21747348

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.10.2008 at 06:46AM PDT, ID: 21751170

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.10.2008 at 04:19PM PDT, ID: 21755824

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Active Directory, Windows Network Security, Windows 2003 Server
Tags: Microsoft, Windows Server, 2003
Sign Up Now!
Solution Provided By: Jay_Jay70
Participating Experts: 1
Solution Grade: A
 
 
[+][-]06.19.2008 at 11:35AM PDT, ID: 21825021

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.19.2008 at 04:08PM PDT, ID: 21827234

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20081112-EE-VQP-44 / EE_QW_2_20070628