[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 293
  • Last Modified:

We have a GPO that is located in one OU per the GPO editor yet it is still applying to other OUs. What could cause this to happen?

We have a GPO that is located in one OU per the GPO editor yet it is still applying to other OUs.  What could cause this to happen?
0
EMJTech
Asked:
EMJTech
1 Solution
 
kamalgopiCommented:
this can happen may be you can check if this is applied at the domain level.  or may be you can check if some one has changed some settings in the default domain policy.

Hope this helps
Cheers:)
Kamal
0
 
EMJTechAuthor Commented:
how do i check to see if it is applied at the domain level?
0
 
kamalgopiCommented:
open group policy management and then expand the forest and then domain -> ur domain .com and then expand it and see if the policy is applied there or not.
if not go once you expand your domian there will be somethng called group policy objects expand it and select it and on the right hand side check if it applied to the domain level or OU level.

Cheers:)
Kamal
0
 
ocon827679Commented:
Is the OU that the GPO being applied above the OU's that are in question?  If so, that's how it works unless you block inheritance of the policy.  

Otherwise use the GPMC as kamalgopi states to see where the policy is linked.

You can run gpresult on workstations which will tell you what policies are being applied, then use the GPMC to view/edit those policies.
0
 
rpartingtonCommented:
Ditto the above.
If you have installed the GPMC

Click on the OU in question on the left,
On the right you have a Group Policy Inheritance Tab,
Select this tab,
You will notice you have a Location field.
This is what your interested in,
This tells you where your polices are being applied from.
It will show you if the GPO'S are being applied to the OU in question or if they are being inherited.

As stated above if you dont want an inherited policy to be inherited from an OU above it, simply right click the OU that DOES NOT REQUIRE the GPO and select BLOCK INHERITANCE.

If your a little reluctant to this, which is understandable,
Simple create a brand new OU at the top level,
then create a couple of OUs inside this test OU.
Now apply a couple of existing GPOs or create some test ones and apply one to your top level ou and one to the lower level ou.

Now check the Group Policy inheritance tab I mentioned above and you will see where they are being applied from.
Now on your lower level test ou which is obviosly inside your upper level ou,
right click the lower level ou and select block inheritance,
now check the Group Policy Inheritance Tab.

All OUs which have Block Inheritance selected on them can be identified by a Blue circle icon on them.

Hope this helps and hasnt totally confused you.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now