keatscon
asked on
Group Policy, Application of User Configuration & Computer Configuration as they realte to User OU & Computer OU
Scenario:
I have two OUs
Employees - OU that contains all active employees
Workstations - OU that contains all active computers (Servers & laptops excluded)
I have two Security Groups
Employees - Global Security Group that contains all of the current employees
Workstations - Global Security Group that contains all of the active workstations in the Domain.
Have one GPO, 'Proxy Settings', which configures IE to use a proxy server and disables the end-users ability to change proxy settings in IE.
I would like to apply this policy to the Workstations OU, even though the GPO settings being used are in the 'User Configuration' section of GPO.
I do not want this policy applied based on the users membership in a security group. I only want this policy applied to the workstations
and all of the users that logon to these workstations.
Would I need to add all of my users and all of my workstations to the same security group and then use this security group in 'Security Filtering' for the GPO?
Or Am I out in left field?
I have two OUs
Employees - OU that contains all active employees
Workstations - OU that contains all active computers (Servers & laptops excluded)
I have two Security Groups
Employees - Global Security Group that contains all of the current employees
Workstations - Global Security Group that contains all of the active workstations in the Domain.
Have one GPO, 'Proxy Settings', which configures IE to use a proxy server and disables the end-users ability to change proxy settings in IE.
I would like to apply this policy to the Workstations OU, even though the GPO settings being used are in the 'User Configuration' section of GPO.
I do not want this policy applied based on the users membership in a security group. I only want this policy applied to the workstations
and all of the users that logon to these workstations.
Would I need to add all of my users and all of my workstations to the same security group and then use this security group in 'Security Filtering' for the GPO?
Or Am I out in left field?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the key to this question is -
"I do not want this policy applied based on the users membership in a security group. I only want this policy applied to the workstations and all of the users that logon to these workstations."
So, all you need to do is to create\link the 'Proxy Settings' GPO to the 'Workstations' OU.
"I do not want this policy applied based on the users membership in a security group. I only want this policy applied to the workstations and all of the users that logon to these workstations."
So, all you need to do is to create\link the 'Proxy Settings' GPO to the 'Workstations' OU.
If the Proxy settings are in the User Configuration portion of the GPO, then the settings apply to Users - NOT workstations. Since the User Accounts must be in the path of the GPO for it to apply, linking it to the workstation OU is not going to do anything for you.
You have 2 choices:
1) As already mentioned, enable Loopback Processing on the GPO. Computer Config>Admin Templates>System>Group Policy::User group policy loopback processing mode.
2) Link the GPO to the Employess OU.
Security groups are not going to help you in this scenario.
You have 2 choices:
1) As already mentioned, enable Loopback Processing on the GPO. Computer Config>Admin Templates>System>Group Policy::User group policy loopback processing mode.
2) Link the GPO to the Employess OU.
Security groups are not going to help you in this scenario.
http://www.jsifaq.com/SUBU/tip10000/rh10097.htm
Tac :)