Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Applying Group Policy Correctly

Posted on 2006-07-18
2
Medium Priority
?
290 Views
Last Modified: 2010-04-18
This is planned information just want to check if it will work before I do it.
Directory information:

CompanyWeb.Local (Domain) W2k3ent

 -->Workstations (OU)
       -->Mobile (OU)
       -->Remote (OU)
       -->Special (OU)

Ok, My Question, I have several WinXP(SP2) Clients that are placed between these 4 OU's. Now each of these OU's have different Group Policies applied to them. I have the policy to regulate similar settings applied to (excuse the NDS terminiology just stopped working for a company that used that and now with one that uses 2k3 and AD) Workstations.Companyweb.local. Now where I am not sure how this will work comes with the OU .Special.Workstations.CompanyWeb.local where as the policy in the Workstations has require CTRL-ALT-DEL to logon as enabled Clients in the Special (OU) need to have that as disabled. Now what I need to make sure is that All settings from the first Policy will be passed into Workstations in .special. but that the few settings in .special. Policy will override the settings of the first.

 My solution on how to do this is to just check the No Override in the Policy options but I wanted to make sure that it is only going to block ones that are explicity different and not block all settings from the Parent.
0
Comment
Question by:DonaldLandru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 700 total points
ID: 17134273
if you block inheritance you will block the entire policy.

i think your best bet would be to have an additional policy with your special settings

if you use security filtering, you can block users in any OU applying the group policy, and then with your smaller policy containing the special settings, let them apply it, and disable the other users from applying it

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

so basicall you would have two policies on an OU, one gets denied apply for certain users and then your other policy kicks in, of which the other users are denied on

make sense?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 300 total points
ID: 17134299
So far, so good.

You can simply reverse the CTRL+ALT+DEL requirement on the GPO attached to the Special OU.  The GPO closest to the object applies last and as long as the policy that sets this requirement further up the tree is not being enforced then it will simply use the last setting applied.

0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question