Solved

how to set up a group policy attached to a group or single user

Posted on 2007-03-30
2
214 Views
Last Modified: 2010-04-20
I am trying to figure out how I can attach a group policy to either a user or a group of users within a OU. Specifically, I am setting up remote access using terminal server. I want to create the group policy in the same container as where the users are currently located. domainname.ca.local/local users
Normally, I would create another OU right under local users and call it ts users...
domainname.ca.local/local users/ts users
...but I believe there is a way to do it so that I can use the same OU where the users are located and just add them to a group to take on the group policy. I am running Windows 2003 Standard
Thanks in advance for the help
0
Comment
Question by:johnbowden
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18824878
You're thinking of security group filtering, wherein you modify the Permissions of a GPO. By default, every GPO has a security entry for "Authenticated Users" of "Allow - Read, Apply Group Policy".  You can either:

[1] Remove the entry for Authenticated users and create an "Allow - Read, Apply Group Policy" entry for only those users who should receive the policy, or

[2] Leave the Authenticated Users entry in place and create a "DENY - Read, Apply Group Policy" entry to exclude a specific subset of users who should NOT receive the policy.

Here's a good tutorial from Mitch Tulloch on how to set this up in the GP Management Console: http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:johnbowden
ID: 18825037
that's exactly what I'm looking for. Thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question