Solved

group policy for multiple groups

Posted on 2004-04-22
9
213 Views
Last Modified: 2010-04-13
I have a user that is a member of two different user groups. How do I get two different group policies from two different OU's to apply to her.
0
Comment
Question by:bluespringsit
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 4

Accepted Solution

by:
Drizzt420 earned 125 total points
ID: 10892584
Can't you just link the GPO or recreate a similiar one in the users home OU? if you do not want the GPO to affect anyone in the OU but her, just edit the security settings of the GPO by going to its properties and remove all access control list entries and then add just her user account.
0
 

Author Comment

by:bluespringsit
ID: 10892760
Their Home OU? I believe the user object can only belong to one OU. I'd hate to have to go into every OU that has a user that belongs to more then one User Group and create another group policy just for them. Theres got to be a bettter way to do it. (i hope)
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10892866
GPO's apply to user objects, not to groups.
every GPO that you need to apply to a user needs to be set above that user.
the only alternative to this is if you have specific machines where you want these users to have different settings

based on your requirements, it sounds like you have GPO's that apply to certain groups (not users)
apply all GPO's at the top level of the domain, and then restrict the ability to apply that GPO to the appropriate group
Then everyone part of that group (no matter what ou they are in) will apply the  policy, and all users that are not in that group will not apply it.

P.S.  I highly recommend GPMC for policy management.  Very helpful additions to the interface
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 1

Expert Comment

by:dltsd
ID: 10893913
The group policies can only be applied to the OU or container that the user resides in. You can't apply GPO's to groups. Her group memberships should not effect what policies are applied to the Container or OU where her user account resides.

What policy wise does she need that is different in the 2 policies. The easiest solution to this may be to just move her User object to the OU that has a less restrictive policy.
0
 
LVL 15

Expert Comment

by:sr75
ID: 10895655
I believe it can be done with Nesting.

You can only assign GPOs to OUs and Sub OUs only.  If the user is in one group under one OU, then create another group and add the user to that group and have that group be nested in the appropriate group in the other OU.  I know you can do this across domains (so it should work across OUs).
0
 
LVL 15

Expert Comment

by:sr75
ID: 10895675
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10902496
were you able to try applying the policies with security filtering  bluespringsit?
do you need more info on this?
0
 

Author Comment

by:bluespringsit
ID: 10953236
Sorry it took so long to get back. I understand now how to nest the OU's to utilize the security settings, but I still have an issue. I am organizing active directory into OUs named after the departments. This particular lady is actually part of two departments, so she will need two different departmental drives mapped. What would you do in this case? I also have a set of internet explorer favorites that are set for one of the departments. Since you can only put a user object in one OU, and if those OU's are not nested, what would you do?
0
 
LVL 7

Expert Comment

by:spareticus
ID: 10959577
(summary of comments above)
create a group for each department
create a GPO for each department
set each GPO to only apply to members of the department group
apply all GPO's at the top level of the domain

only GPO's where the user is part of the appropriate group will apply
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Adding Computers to AD groups through an SCCM Task Sequence
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question