Getting GP to work in an OU

Posted on 2006-05-09
Last Modified: 2012-06-21

I've been asked to setup win 2003 standard server for our local school.  I've installed it on a new computer with roaming profiles.  Having several small problems as I dont know anything about roaming profiles but trying to learn fast.  One of these problems is that I cant seem to get GP to work in OU. I have setup different OU's, ie teachers, students etc.  The users are inside these OU's.  When I right click on an OU and got to properties then GP tab and edit the policy, and in User Configuration / Administrator template I can set the students to not see the run command but it is still available to them.  I've tried rebooting the server and local machines to no avail.  Also ran gpupdate on local machine.  Local machines are running WinXP.
Question by:shootanz
    LVL 4

    Accepted Solution

    for starters download the group policy management console:

    if you run a "resultant set of policy"  on a computer/user it might give you the info you need to see what the prob is.

    Most likely it has to do with security filtering , you can select what users/groups/computers a policy applies to:

    hope this helps.....
    LVL 48

    Expert Comment

    Hi shootanz,

    i will advice not using the GPMC until you understand GPO - its an add on which you can optimise when you understand it a little more

    if you have made your settings and your user resides inside the ou, from the client machine start - run - cmd    gpupdate /force   see if that helps

    run gpresult on a client machine and see if it is seeing the policy
    LVL 8

    Assisted Solution

    download the new GP console (off MS website) The new console is MUCH easier to understand, i disagree with jay, i think you should use the new console.

    I like to add users to groups and apply the group polciy to that group

    I recamend doing a easy policy like hide screensaver tab. This will be easy to see if it is working.

    Remember if you make changes to the user section of GP, you need to add users (or groups with users in it) to the security filitering

    Same goes for the computer section, you need to add computers (or groups with computers in it)  

    If you add users to the security filtering, but make changes in the computers section nothing will be processed.

    make sure you have the group policy "links" section filled with the OU location you want applied.

    Step 1 . Links - Location
    So if you have a OU called "office 1" make sure have "office 1" in the location section.

    Step 2 . Security filtering - Name
    So if you have a group called "HR" with 4 computers in it, make sure it is in the Security filtering/Name section.

    Once you do that you will need to reboot you workstations a few times (2 or 3) and your GP's should be correctly applied. (you can run GPupdate /force but that does not apply all policys .. some still require a reboot)

    Good Luck!
    LVL 48

    Expert Comment

    you apply group policies to OU's not groups, groups are used for the security filtering side which you dont need to worry about whilst just learning.......

    the GPMC is a great tool when your more advanced but the linking side of things will just be confusing at the moment - there is realistically not much need for GPMC ESPECIALLY when you are learning

    Author Comment

    Thanks to everyone for your help.  I've got it sorted now, well I think I have.  It is working although I haven't done anything in security filering.  Especial thanks to rutten-d for the link to gpmc as I used it and found that it is better to understand and impliment.  Also thanks to bilbus for his indepth answer.  I found this link that was easy to follow and set up the link between GPO and OU.

    Now onto the next problem, I hope you can help again so was much appreciated.
    LVL 48

    Expert Comment

    well then i take it back about GPMC, i would have though basic GP was easier to start with but hey

    cheers to you both

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now