Link GPO to Computers

Posted on 2009-04-20
Medium Priority
Last Modified: 2012-05-06
I need to link a GPO to my domain computers.  Since all of my computers are in the Computers in AD (which isn't really a OU), how can I do this?

Will my Active Directory break if I create another OU and move the computers there?
Question by:vetted
LVL 47

Expert Comment

by:Donald Stewart
ID: 24188309
you can either link the gpo to your whole domain and leave the computers or create another ou and move the computers

Author Comment

ID: 24188361
The reason I'm asking this is b/c I just installed WSUS for the Windows Updates.  I currently have the GPO linked to the entire domain, but unless I specifically add the computer name in the Security Filtering of the GPO, the computers do not show up in the WSUS Administration Console.  I assumed they should probably be in their own OU and I could link it to that OU instead of adding each one by itself.
LVL 47

Accepted Solution

Donald Stewart earned 2000 total points
ID: 24188408
Try under security filtering add "Authenticated Users" , the "Domain Computers" are members of this group
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Expert Comment

ID: 24188445
hi vetted
you cannot link a gpo on "computers".. that's just a folder
if you move your computers to a new OU .. it will be fine and will not break anything..
If you want to test.. you can create new OU and try to move 1 computer inside it and test it.. it should work with no problems
About your Wsus.. it should have option that wsus administration should also look for other folders which you specify for computers.. by default for computers it looks into "my computer" folder

Expert Comment

ID: 24188452
Definately create an OU structure for the computers, it'l make life easier and they will still pick up the domain/site gpo's.

Author Closing Comment

ID: 31572455
I chose this answer because it required the least amount of work on my part. As soon as I did that and ran wuauclt /detectnow on one of the computers for testing, it showed up in the WSUS console.  I decided that I did not want to move the computers to another OU since this did work because that just means more upkeep when adding new computers to the domain. Thanks everyone!
LVL 57

Expert Comment

by:Mike Kline
ID: 24188525
I'd first go with what dstewart suggested.   I'd also run an RSoP report against one of those computers.  The GPO you linked at the domain level should be getting the policy.
The RSoP report should help you determine why it is not applying to them (security filtering or blocked inheritance, etc)

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question