Solved

Applying Group Policy Correctly

Posted on 2006-07-18
2
286 Views
Last Modified: 2010-04-18
This is planned information just want to check if it will work before I do it.
Directory information:

CompanyWeb.Local (Domain) W2k3ent

 -->Workstations (OU)
       -->Mobile (OU)
       -->Remote (OU)
       -->Special (OU)

Ok, My Question, I have several WinXP(SP2) Clients that are placed between these 4 OU's. Now each of these OU's have different Group Policies applied to them. I have the policy to regulate similar settings applied to (excuse the NDS terminiology just stopped working for a company that used that and now with one that uses 2k3 and AD) Workstations.Companyweb.local. Now where I am not sure how this will work comes with the OU .Special.Workstations.CompanyWeb.local where as the policy in the Workstations has require CTRL-ALT-DEL to logon as enabled Clients in the Special (OU) need to have that as disabled. Now what I need to make sure is that All settings from the first Policy will be passed into Workstations in .special. but that the few settings in .special. Policy will override the settings of the first.

 My solution on how to do this is to just check the No Override in the Policy options but I wanted to make sure that it is only going to block ones that are explicity different and not block all settings from the Parent.
0
Comment
Question by:DonaldLandru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 175 total points
ID: 17134273
if you block inheritance you will block the entire policy.

i think your best bet would be to have an additional policy with your special settings

if you use security filtering, you can block users in any OU applying the group policy, and then with your smaller policy containing the special settings, let them apply it, and disable the other users from applying it

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

so basicall you would have two policies on an OU, one gets denied apply for certain users and then your other policy kicks in, of which the other users are denied on

make sense?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 75 total points
ID: 17134299
So far, so good.

You can simply reverse the CTRL+ALT+DEL requirement on the GPO attached to the Special OU.  The GPO closest to the object applies last and as long as the policy that sets this requirement further up the tree is not being enforced then it will simply use the last setting applied.

0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question