vetted
asked on
Link GPO to Computers
I need to link a GPO to my domain computers. Since all of my computers are in the Computers in AD (which isn't really a OU), how can I do this?
Will my Active Directory break if I create another OU and move the computers there?
Will my Active Directory break if I create another OU and move the computers there?
you can either link the gpo to your whole domain and leave the computers or create another ou and move the computers
ASKER
The reason I'm asking this is b/c I just installed WSUS for the Windows Updates. I currently have the GPO linked to the entire domain, but unless I specifically add the computer name in the Security Filtering of the GPO, the computers do not show up in the WSUS Administration Console. I assumed they should probably be in their own OU and I could link it to that OU instead of adding each one by itself.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
hi vetted
you cannot link a gpo on "computers".. that's just a folder
if you move your computers to a new OU .. it will be fine and will not break anything..
If you want to test.. you can create new OU and try to move 1 computer inside it and test it.. it should work with no problems
About your Wsus.. it should have option that wsus administration should also look for other folders which you specify for computers.. by default for computers it looks into "my computer" folder
you cannot link a gpo on "computers".. that's just a folder
if you move your computers to a new OU .. it will be fine and will not break anything..
If you want to test.. you can create new OU and try to move 1 computer inside it and test it.. it should work with no problems
About your Wsus.. it should have option that wsus administration should also look for other folders which you specify for computers.. by default for computers it looks into "my computer" folder
Definately create an OU structure for the computers, it'l make life easier and they will still pick up the domain/site gpo's.
ASKER
I chose this answer because it required the least amount of work on my part. As soon as I did that and ran wuauclt /detectnow on one of the computers for testing, it showed up in the WSUS console. I decided that I did not want to move the computers to another OU since this did work because that just means more upkeep when adding new computers to the domain. Thanks everyone!
I'd first go with what dstewart suggested. I'd also run an RSoP report against one of those computers. The GPO you linked at the domain level should be getting the policy.
The RSoP report should help you determine why it is not applying to them (security filtering or blocked inheritance, etc)
Thanks
Mike
The RSoP report should help you determine why it is not applying to them (security filtering or blocked inheritance, etc)
Thanks
Mike