Group Policies with Windows 2000 Server

Hi, i have a windows 2k server and i have an active directory running. i have most of my users in "users" however some of these users need a lot of the possible rights, some need only to run certain apps.  i was wondering if it is possible to keep all the users in the "users" OU and then make separate OUs for "Applications,"  "Admin Staff" and so on.  And then put a single group in each of these OUs.  I would then apply policies to the OUs.  I'm wondering if the policies on these OUs would go to those groups (inside the OUs) and then go to the users (in "users") who are a part of that group.  Is there a way to make this work?
dragin33Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

VahikCommented:
Group policies are applied based on the location of the object in active directory.So if ur users are created in users ou then u will have two policies at most that will apply to them.Any policy applied at domain level with no override option enabled will be applied to all users and computers.If no override is not enabled then both ou and
domain policies will apply unless there is conflict which
in that case ou policy will override domain policy.But if i am correct that u have created all these users and groups in ur users container then no ou policy will be applied to them.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dragin33Author Commented:
The users are located in "users" the groups are in different OUs
0
MSGeekCommented:
The answer is yes.  If you assosciate a GPO with an OU and that OU contains a group, any member of that group will see the effects of that GPO unless as Vhik stated there is a policy in conflict with the domain group policy and no override has been selected.
0
cempashaCommented:
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,

****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********

- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you      

Pasha

Cleanup Volunteer


0
MSGeekCommented:
I would object to a refund, the responses are accurate and correct.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.