Group Policies with Windows 2000 Server

Posted on 2003-03-29
Medium Priority
Last Modified: 2010-04-13
Hi, i have a windows 2k server and i have an active directory running. i have most of my users in "users" however some of these users need a lot of the possible rights, some need only to run certain apps.  i was wondering if it is possible to keep all the users in the "users" OU and then make separate OUs for "Applications,"  "Admin Staff" and so on.  And then put a single group in each of these OUs.  I would then apply policies to the OUs.  I'm wondering if the policies on these OUs would go to those groups (inside the OUs) and then go to the users (in "users") who are a part of that group.  Is there a way to make this work?
Question by:dragin33
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 26

Accepted Solution

Vahik earned 100 total points
ID: 8234888
Group policies are applied based on the location of the object in active directory.So if ur users are created in users ou then u will have two policies at most that will apply to them.Any policy applied at domain level with no override option enabled will be applied to all users and computers.If no override is not enabled then both ou and
domain policies will apply unless there is conflict which
in that case ou policy will override domain policy.But if i am correct that u have created all these users and groups in ur users container then no ou policy will be applied to them.

Author Comment

ID: 8234952
The users are located in "users" the groups are in different OUs

Assisted Solution

MSGeek earned 100 total points
ID: 8240462
The answer is yes.  If you assosciate a GPO with an OU and that OU contains a group, any member of that group will see the effects of that GPO unless as Vhik stated there is a policy in conflict with the domain group policy and no override has been selected.

Expert Comment

ID: 8595565
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,


- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you      


Cleanup Volunteer


Expert Comment

ID: 8602641
I would object to a refund, the responses are accurate and correct.

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month14 days, 3 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question