[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Applying GPO to Select Computers

Posted on 2009-04-21
19
Medium Priority
?
386 Views
Last Modified: 2012-05-06
Hey All,

I had a topic a while back that touched up on this issue.

Goal = Apply a GPO - Computer Policy to only computer's I select for Folder Redirection.
Problem = I cannot create OU's in A.D. under Computers. I cannot move computers/servers from the Computers OU in AD to another OU.

I want to do folder redirection only my Terminal Servers, but I obviously cannot redirect using Local Policies on the servers. Is there an easy way to achieve this goal, can it be done manually on each server?

Thanks in advance.
0
Comment
Question by:ValleyENT
  • 7
  • 6
  • 3
  • +2
19 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 24197125
You can assign GPO's based on group membership.  I would recommand that.  

You just assign the group that has permission to the GPO and apply it to the OU your objects are in.

on the Scope screen for the GPO remove the default group(authenticated users I Believe) and add the group that your objects are assigned to in there.
0
 
LVL 14

Expert Comment

by:amichaell
ID: 24197172
Why can't you move the terminal servers in to their own OU?  I'm guessing this is a not a technical problem?

You can apply GPOs to particular computers/security groups with the filtering options.  Using gpmc.msc, add the computers/security groups you want the policy to apply to and remove those you don't want it to apply to.
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197175
I understand this process, but it cannot be done in my scenario. All of our employees at some point will use the terminal servers mostly for Citrix usage. All of my computers and servers are in the "Computers"  OU. If I apply a GPO to the Computers OU and throw Domain Users in place of Authenticated Users (Same Concept) it will redirect ALL users data on ALL computers, not just the terminal servers.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 5

Accepted Solution

by:
mrmarkfury earned 2000 total points
ID: 24197197
Add just your terminal servers to a group called "Folder Redirection Computers"

Create a GPO that defines your folder redirection policy

Under the Security Filtering for that GPO, remove "Authenticated Users" and add "Folder Redirection Computers"


If you don't have GPMC, get it.
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24197201
For general security filtering look at this blog entry I wrote
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
Your situation is a little different though as you want to do this on terminal servers.  For that you can use loopback
Good entry on that here:
http://www.msterminalservices.org/articles/Configure-Folder-Redirection.html
If you haven't dealt with loopback processing GP MVP Darren has a great writeup here:
http://sdmsoftware.com/blog/2009/01/please_explain_loopback_proces.html
Thanks
Mike
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197203
I am not sure why I cannot place them in there own OU. This infrastructure was developed before I got involved, and I have never come across this. It isn't as if we are experiencing difficulties of any sort. I didn't think you could add a "computer" to a GPO, but I will give it a whirl.
0
 
LVL 5

Expert Comment

by:mrmarkfury
ID: 24197208
Sorry, should have mentioned, you apply that to your Computers OU, and because of the security filtering, ONLY computers in the "Folder Redirection Computers" will apply the policy
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197273
mrmarkfury, I do use gpmc but you cannot add Computer Objects to a security group, at least I cannot.
0
 
LVL 5

Expert Comment

by:mrmarkfury
ID: 24197313
You should be able to, make sure you add computers to the object types you are looking for when adding them to a group. I'll upload a screenie to show you.
gp.bmp
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24197342
You should be able to, when you go to your add members to the group click on "Object Types"
make sure computers are checked (see screenshot)
Thanks
Mike

objecttypes.jpg
0
 
LVL 14

Expert Comment

by:amichaell
ID: 24197364
That still gets me to this day.  That and searching for a computer account without selecting Computers as the search criteria (since it isn't included by default).
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197424
mrmarkfury, OMG! I totally forgot to check Computers. This will work perfect. On a side note, any idea as to why I cannot create OU's in my existing Computers OU?
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197432
I also cannot see the computers ou in gpmc.
0
 
LVL 5

Expert Comment

by:mrmarkfury
ID: 24197443
its not an OU, its a default container created when you install AD...
0
 
LVL 5

Expert Comment

by:mrmarkfury
ID: 24197447
Just apply the GPO to the domain, it will be filtered for every other computer....
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197451
Ahh, that explains it.
0
 
LVL 4

Author Comment

by:ValleyENT
ID: 24197455
Thanks for your help.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24197467
What you are referring to is the computer container, that won't show up in GPMC.  Only OUs appear in GPMC.
Thanks
Mike

GPMC-no-containers.jpg
0
 
LVL 5

Expert Comment

by:mrmarkfury
ID: 24197470
Glad I could help
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question