Solved

Applying Group Policy Correctly

Posted on 2006-07-18
2
287 Views
Last Modified: 2010-04-18
This is planned information just want to check if it will work before I do it.
Directory information:

CompanyWeb.Local (Domain) W2k3ent

 -->Workstations (OU)
       -->Mobile (OU)
       -->Remote (OU)
       -->Special (OU)

Ok, My Question, I have several WinXP(SP2) Clients that are placed between these 4 OU's. Now each of these OU's have different Group Policies applied to them. I have the policy to regulate similar settings applied to (excuse the NDS terminiology just stopped working for a company that used that and now with one that uses 2k3 and AD) Workstations.Companyweb.local. Now where I am not sure how this will work comes with the OU .Special.Workstations.CompanyWeb.local where as the policy in the Workstations has require CTRL-ALT-DEL to logon as enabled Clients in the Special (OU) need to have that as disabled. Now what I need to make sure is that All settings from the first Policy will be passed into Workstations in .special. but that the few settings in .special. Policy will override the settings of the first.

 My solution on how to do this is to just check the No Override in the Policy options but I wanted to make sure that it is only going to block ones that are explicity different and not block all settings from the Parent.
0
Comment
Question by:DonaldLandru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 175 total points
ID: 17134273
if you block inheritance you will block the entire policy.

i think your best bet would be to have an additional policy with your special settings

if you use security filtering, you can block users in any OU applying the group policy, and then with your smaller policy containing the special settings, let them apply it, and disable the other users from applying it

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

so basicall you would have two policies on an OU, one gets denied apply for certain users and then your other policy kicks in, of which the other users are denied on

make sense?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 75 total points
ID: 17134299
So far, so good.

You can simply reverse the CTRL+ALT+DEL requirement on the GPO attached to the Special OU.  The GPO closest to the object applies last and as long as the policy that sets this requirement further up the tree is not being enforced then it will simply use the last setting applied.

0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Learn about cloud computing and its benefits for small business owners.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question