ValleyENT
asked on
Applying GPO to Select Computers
Hey All,
I had a topic a while back that touched up on this issue.
Goal = Apply a GPO - Computer Policy to only computer's I select for Folder Redirection.
Problem = I cannot create OU's in A.D. under Computers. I cannot move computers/servers from the Computers OU in AD to another OU.
I want to do folder redirection only my Terminal Servers, but I obviously cannot redirect using Local Policies on the servers. Is there an easy way to achieve this goal, can it be done manually on each server?
Thanks in advance.
I had a topic a while back that touched up on this issue.
Goal = Apply a GPO - Computer Policy to only computer's I select for Folder Redirection.
Problem = I cannot create OU's in A.D. under Computers. I cannot move computers/servers from the Computers OU in AD to another OU.
I want to do folder redirection only my Terminal Servers, but I obviously cannot redirect using Local Policies on the servers. Is there an easy way to achieve this goal, can it be done manually on each server?
Thanks in advance.
Why can't you move the terminal servers in to their own OU? I'm guessing this is a not a technical problem?
You can apply GPOs to particular computers/security groups with the filtering options. Using gpmc.msc, add the computers/security groups you want the policy to apply to and remove those you don't want it to apply to.
You can apply GPOs to particular computers/security groups with the filtering options. Using gpmc.msc, add the computers/security groups you want the policy to apply to and remove those you don't want it to apply to.
ASKER
I understand this process, but it cannot be done in my scenario. All of our employees at some point will use the terminal servers mostly for Citrix usage. All of my computers and servers are in the "Computers" OU. If I apply a GPO to the Computers OU and throw Domain Users in place of Authenticated Users (Same Concept) it will redirect ALL users data on ALL computers, not just the terminal servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For general security filtering look at this blog entry I wrote
http://adisfun.blogspot.co
Your situation is a little different though as you want to do this on terminal servers. For that you can use loopback
Good entry on that here:
http://www.msterminalservi
If you haven't dealt with loopback processing GP MVP Darren has a great writeup here:
http://sdmsoftware.com/blog/2009/01/please_explai
Thanks
Mike
http://adisfun.blogspot.co
Your situation is a little different though as you want to do this on terminal servers. For that you can use loopback
Good entry on that here:
http://www.msterminalservi
If you haven't dealt with loopback processing GP MVP Darren has a great writeup here:
http://sdmsoftware.com/blog/2009/01/please_explai
Thanks
Mike
ASKER
I am not sure why I cannot place them in there own OU. This infrastructure was developed before I got involved, and I have never come across this. It isn't as if we are experiencing difficulties of any sort. I didn't think you could add a "computer" to a GPO, but I will give it a whirl.
Sorry, should have mentioned, you apply that to your Computers OU, and because of the security filtering, ONLY computers in the "Folder Redirection Computers" will apply the policy
ASKER
mrmarkfury, I do use gpmc but you cannot add Computer Objects to a security group, at least I cannot.
You should be able to, make sure you add computers to the object types you are looking for when adding them to a group. I'll upload a screenie to show you.
gp.bmp
gp.bmp
You should be able to, when you go to your add members to the group click on "Object Types"
make sure computers are checked (see screenshot)
Thanks
Mike
objecttypes.jpg
make sure computers are checked (see screenshot)
Thanks
Mike
objecttypes.jpg
That still gets me to this day. That and searching for a computer account without selecting Computers as the search criteria (since it isn't included by default).
ASKER
mrmarkfury, OMG! I totally forgot to check Computers. This will work perfect. On a side note, any idea as to why I cannot create OU's in my existing Computers OU?
ASKER
I also cannot see the computers ou in gpmc.
its not an OU, its a default container created when you install AD...
Just apply the GPO to the domain, it will be filtered for every other computer....
ASKER
Ahh, that explains it.
ASKER
Thanks for your help.
What you are referring to is the computer container, that won't show up in GPMC. Only OUs appear in GPMC.
Thanks
Mike
GPMC-no-containers.jpg
Thanks
Mike
GPMC-no-containers.jpg
Glad I could help
You just assign the group that has permission to the GPO and apply it to the OU your objects are in.
on the Scope screen for the GPO remove the default group(authenticated users I Believe) and add the group that your objects are assigned to in there.