• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573
  • Last Modified:

Getting GP to work in an OU


I've been asked to setup win 2003 standard server for our local school.  I've installed it on a new computer with roaming profiles.  Having several small problems as I dont know anything about roaming profiles but trying to learn fast.  One of these problems is that I cant seem to get GP to work in OU. I have setup different OU's, ie teachers, students etc.  The users are inside these OU's.  When I right click on an OU and got to properties then GP tab and edit the policy, and in User Configuration / Administrator template I can set the students to not see the run command but it is still available to them.  I've tried rebooting the server and local machines to no avail.  Also ran gpupdate on local machine.  Local machines are running WinXP.
2 Solutions
for starters download the group policy management console:

if you run a "resultant set of policy"  on a computer/user it might give you the info you need to see what the prob is.

Most likely it has to do with security filtering , you can select what users/groups/computers a policy applies to:

hope this helps.....
Hi shootanz,

i will advice not using the GPMC until you understand GPO - its an add on which you can optimise when you understand it a little more

if you have made your settings and your user resides inside the ou, from the client machine start - run - cmd    gpupdate /force   see if that helps

run gpresult on a client machine and see if it is seeing the policy
download the new GP console (off MS website) The new console is MUCH easier to understand, i disagree with jay, i think you should use the new console.

I like to add users to groups and apply the group polciy to that group

I recamend doing a easy policy like hide screensaver tab. This will be easy to see if it is working.

Remember if you make changes to the user section of GP, you need to add users (or groups with users in it) to the security filitering

Same goes for the computer section, you need to add computers (or groups with computers in it)  

If you add users to the security filtering, but make changes in the computers section nothing will be processed.

make sure you have the group policy "links" section filled with the OU location you want applied.

Step 1 . Links - Location
So if you have a OU called "office 1" make sure have "office 1" in the location section.

Step 2 . Security filtering - Name
So if you have a group called "HR" with 4 computers in it, make sure it is in the Security filtering/Name section.

Once you do that you will need to reboot you workstations a few times (2 or 3) and your GP's should be correctly applied. (you can run GPupdate /force but that does not apply all policys .. some still require a reboot)

Good Luck!
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

you apply group policies to OU's not groups, groups are used for the security filtering side which you dont need to worry about whilst just learning.......

the GPMC is a great tool when your more advanced but the linking side of things will just be confusing at the moment - there is realistically not much need for GPMC ESPECIALLY when you are learning
shootanzAuthor Commented:
Thanks to everyone for your help.  I've got it sorted now, well I think I have.  It is working although I haven't done anything in security filering.  Especial thanks to rutten-d for the link to gpmc as I used it and found that it is better to understand and impliment.  Also thanks to bilbus for his indepth answer.  I found this link that was easy to follow and set up the link between GPO and OU.  http://www.learnthat.com/certification/learn.asp?id=424&index=7

Now onto the next problem, I hope you can help again so quickly...it was much appreciated.
well then i take it back about GPMC, i would have though basic GP was easier to start with but hey

cheers to you both

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now