• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 303
  • Last Modified:

How do I change default options in Active Directory?

I am adding computer objects to group policy, but when I go to add an object, the default Object Types are Users, Groups, and Built-in security principals.  The fourth option, Computers, is unchecked and I have to go in and check it for each computer I want to add.  Is there a way I can have Computers checked by default?
0
EKSH-Tech
Asked:
EKSH-Tech
  • 8
  • 4
1 Solution
 
luv2smileCommented:
I'm kinda confused by your question. Do you mean when you are are changing the security filtering on the GPO?

You shouldn't really be adding many (if any at all) computers into the security filtering.

A good active directory design will have group policy organized thru the effective use of OUs.  

Please explain further what you are trying to do by "adding computer objects to group policy" and maybe we can help you find a better way to accomplish what you need.
0
 
EKSH-TechAuthor Commented:
We have group policies setup to administer software on our domain.  So say we get a new user in our firm, I setup their computer on our domain, then go into active directory to add that computer object to the appropriate group policies to have the appropriate software install from an .msi file.  Say, for example, new user X should have Acrobat 7.0 Standard installed on their machine.  I will go into our group policy called "Install Acrobat 7.0 Standard"  I click the "Add" button, and the "Select User, Computer, or Group" window pops up.  I would like to just type in the computer name for the new user's pc and click ok, but instead I have to click "Object Types" and check "Computers" in order to add a computer object.

We can't do managed software with user objects because our users are allowed to login on anyone's computer, but we only want their software installed on their own computer (for licensing reasons, primarily).  We can't have our group policies regarding software installations to be following users around on whatever computer they happen to be using.

Hopefully this makes sense... I just want to be able to change what boxes are checked by default under "Object Types" after I click "Add" in a group policy.
0
 
luv2smileCommented:
Well you are making group policy much more complex and time consuming than needed.  You don't need to be clicking the "add" button and adding computer ojbects for this.

You should have an OU for your computers and then just simply move the comptuer object into the appropriate OU whenever you have a new compter added (or have it default to the correct OU) and then it will receive the policy.

You should be applying group policy to an OU of users or computers or at the domain level.  If you want the policy to apply to all computers in your domain then you wouldn't have to do anything....when a computer is added, then they automatically get the policy if it is setup as a domain policy.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
luv2smileCommented:
"We can't have our group policies regarding software installations to be following users around on whatever computer they happen to be using."

You can setup software installtions as a comptuer policy by applying it to an OU of computer objects.
0
 
luv2smileCommented:
I know you asked a specific question, but I don't know of a way to do what you ask (i'm sure it may be some obscure setting in the registry or somewhere)....but my point is this:

You shouldn't be using security filtering to apply a policy each time a new comptuer is added. A good Active Directory design would allow for this thru simply moving around comptuer objects.
0
 
EKSH-TechAuthor Commented:
We do have an OU of all our computers on the domain, but there is no way to further break these up, as each computer has a different set of software.  Many will have the same software installed, but no two are exactly the same.  We have some software that only goes to certain departments, and some to others, then some that overlap.  Then there are also software installations that we apply to just a couple users in each department.  So for us to accomplish this using OU's, we would have to create an OU for each specific piece of software, and then add in the appropriate computers (which is pretty much exactly what I'm doing now, just I'm adding directly to the group policy instead of to an OU containing the computers for that group policy).  But in any case, I'm not a network admin and am in no position to make changes to our active directory setup.  I just setup computers for new users and wanted to skip that one extra step.  So I'm really just looking for that "obscure setting in the registry".  Not a big deal, I can do the extra couple mouse clicks, but after doing it a few hundred times, one wishes there was a way to keep that box checked.
0
 
luv2smileCommented:
Hmmm...ok, well maybe somebody else can answer your question. I don't know how to change the default :)
0
 
EKSH-TechAuthor Commented:
I appreciate your input luv2smile.  I will definitely show your comments to my admin.  If I can get him to setup OU's for each of our software groups then my "problem" (if two extra mouse clicks can be considered a problem) would be solved.  Thanks for your time.
0
 
luv2smileCommented:
You are welcome. As anytime with online help, I'm not aware of your network setup or how things are done in your network. Maybe there is a legit reason for things being the way they are :)

I just can't imagine using security filtering in such a way.....seems like it would get very confusing very quickly. OUs allow for nice organization and much easier troubleshooting.

Standard OU structure is to have an OU for each department in an organization and then under that OU have an OU for computers and an OU for users.

So for example, a very standard setup is often like this:
-----------------------

Domain- policy for all computers and users in the domain

Department OU-  
   Computer OU- policy for all computers in that OU
   Users OU- policy for users in that OU
0
 
luv2smileCommented:
And then for any software that just specifically needs to go to certain users then setup a policy and use security filtering only in those cases....not for every policy. Much less work and much more organized in my opinion :)
0
 
EKSH-TechAuthor Commented:
My admin was just talking about breaking our users into departmental OU's but couldn't see a clear way to do so with computers.  This might be the way he'll want to go.  Thanks again
0
 
luv2smileCommented:
You are welcome :)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now