Group Policy, Application of User Configuration & Computer Configuration as they realte to User OU & Computer OU

Scenario:

     I have two OUs

     Employees - OU that contains all active employees
     Workstations - OU that contains all active computers (Servers & laptops excluded)

     I have two Security Groups

     Employees - Global Security Group that contains all of the current employees
     Workstations - Global Security Group that contains all of the active workstations in the Domain.

     Have one GPO, 'Proxy Settings', which configures IE to use a proxy server and disables the end-users ability to change proxy settings in IE.

     I would like to apply this policy to the Workstations OU, even though the GPO settings being used are in the 'User Configuration' section of GPO.
     I do not want this policy applied based on the users membership in a security group. I only want this policy applied to the workstations
    and all of the users that logon to these workstations.

    Would I need to add all of my users and all of my workstations to the same security group and then use this security group in 'Security Filtering' for the GPO?

   Or Am I out in left field?



keatsconAsked:
Who is Participating?
 
tactonic_grateCommented:
I normally apply proxy settings at domain OU level- since you want all users/machines in your domain to have this applied. The key is when you said, "I only want this policy applied to the workstations and all the users that logon to these workstations". If you don't want the settings to apply to administrators (or associated groups) filter those out.

If you really want to apply User Configuration settings to machines, then what you might be able to do is still have your GPO defined on the "Workstations" OU but use "Loopback Processing" of the GPO. See the MS article here:

http://support.microsoft.com/kb/231287/

Good luck!

Tac
0
 
tactonic_grateCommented:
Just found this too- looks good to me:

http://www.jsifaq.com/SUBU/tip10000/rh10097.htm

Tac :)
0
 
cbeeeCommented:
the key to this question is -

"I do not want this policy applied based on the users membership in a security group. I only want this policy applied to the workstations and all of the users that logon to these workstations."

So, all you need to do is to create\link the 'Proxy Settings' GPO to the 'Workstations' OU.
0
 
Netman66Commented:
If the Proxy settings are in the User Configuration portion of the GPO, then the settings apply to Users - NOT workstations.  Since the User Accounts must be in the path of the GPO for it to apply, linking it to the workstation OU is not going to do anything for you.

You have 2 choices:

1)  As already mentioned, enable Loopback Processing on the GPO.  Computer Config>Admin Templates>System>Group Policy::User group policy loopback processing mode.

2)  Link the GPO to the Employess OU.

Security groups are not going to help you in this scenario.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.