Solved

Applying Group Policy Correctly

Posted on 2006-07-18
2
284 Views
Last Modified: 2010-04-18
This is planned information just want to check if it will work before I do it.
Directory information:

CompanyWeb.Local (Domain) W2k3ent

 -->Workstations (OU)
       -->Mobile (OU)
       -->Remote (OU)
       -->Special (OU)

Ok, My Question, I have several WinXP(SP2) Clients that are placed between these 4 OU's. Now each of these OU's have different Group Policies applied to them. I have the policy to regulate similar settings applied to (excuse the NDS terminiology just stopped working for a company that used that and now with one that uses 2k3 and AD) Workstations.Companyweb.local. Now where I am not sure how this will work comes with the OU .Special.Workstations.CompanyWeb.local where as the policy in the Workstations has require CTRL-ALT-DEL to logon as enabled Clients in the Special (OU) need to have that as disabled. Now what I need to make sure is that All settings from the first Policy will be passed into Workstations in .special. but that the few settings in .special. Policy will override the settings of the first.

 My solution on how to do this is to just check the No Override in the Policy options but I wanted to make sure that it is only going to block ones that are explicity different and not block all settings from the Parent.
0
Comment
Question by:DonaldLandru
2 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 175 total points
ID: 17134273
if you block inheritance you will block the entire policy.

i think your best bet would be to have an additional policy with your special settings

if you use security filtering, you can block users in any OU applying the group policy, and then with your smaller policy containing the special settings, let them apply it, and disable the other users from applying it

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

so basicall you would have two policies on an OU, one gets denied apply for certain users and then your other policy kicks in, of which the other users are denied on

make sense?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 75 total points
ID: 17134299
So far, so good.

You can simply reverse the CTRL+ALT+DEL requirement on the GPO attached to the Special OU.  The GPO closest to the object applies last and as long as the policy that sets this requirement further up the tree is not being enforced then it will simply use the last setting applied.

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO Access denied in AD 12 50
Need MS Windows 2003 R2 (32) support tools 3 79
Bizarre hard disk problem 15 123
Can’t delete a file 14 163
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question