kam_uk
asked on
GPO Setting query
Hi All
We are running Windows 2003 Active Directory. We have a Users OU which has a GPO named "UsersGPO" applied. This GPO sets many settings including desktop wallpaper, IE home page, what they can see in the Control Panel etc etc. The GPO is applied as:
Security Filtering: Authenticated Users
Delegation: Domain Admins, IT staff are denied from GPO application
We have a couple of developers in our company, and they want to test something related to the company Intranet. So, they want NO IE home page set, but they do want all the other settings.
I was just thinking of the best way to do this. My thoughts were:
i) Copy the UsersGPO and create a new one, DevelopersGPO, that had the same settings bar the IE home page.
ii) In Filtering, set to the Developers AD security group only.
I'm not sure what to set in Delegation though? Will the fact that the GPO has Filtering for Developers AD group only mean that it won't be applied to other users/domain admins etc? Or should I add them in there, with a Deny, to be sure? How about Denying them from even reading it?
iv) In the Users OU, the UsersGPO has link order 3. Would I be correct in saying that as long as this GPO was link order less than that (e.g. 2), the IE setting would not be set for these developers?
Any help appreciated!
We are running Windows 2003 Active Directory. We have a Users OU which has a GPO named "UsersGPO" applied. This GPO sets many settings including desktop wallpaper, IE home page, what they can see in the Control Panel etc etc. The GPO is applied as:
Security Filtering: Authenticated Users
Delegation: Domain Admins, IT staff are denied from GPO application
We have a couple of developers in our company, and they want to test something related to the company Intranet. So, they want NO IE home page set, but they do want all the other settings.
I was just thinking of the best way to do this. My thoughts were:
i) Copy the UsersGPO and create a new one, DevelopersGPO, that had the same settings bar the IE home page.
ii) In Filtering, set to the Developers AD security group only.
I'm not sure what to set in Delegation though? Will the fact that the GPO has Filtering for Developers AD group only mean that it won't be applied to other users/domain admins etc? Or should I add them in there, with a Deny, to be sure? How about Denying them from even reading it?
iv) In the Users OU, the UsersGPO has link order 3. Would I be correct in saying that as long as this GPO was link order less than that (e.g. 2), the IE setting would not be set for these developers?
Any help appreciated!
vmwarun - Arun
Have you grouped the Developers to a separate OU ?
ASKER
Sorry - should have said - the Developers are in the Users OU, same as everyone else.
Link the newly created GPO to the OU and under Security Filtering make sure that only the 2 Developers are added and all other users/groups are removed.
ASKER
Sure, thanks... but what about my questions here:
"I'm not sure what to set in Delegation though? Will the fact that the GPO has Filtering for Developers AD group only mean that it won't be applied to other users/domain admins etc? Or should I add them in there, with a Deny, to be sure? How about Denying them from even reading it?
iv) In the Users OU, the UsersGPO has link order 3. Would I be correct in saying that as long as this GPO was link order less than that (e.g. 2), the IE setting would not be set for these developers?"
"I'm not sure what to set in Delegation though? Will the fact that the GPO has Filtering for Developers AD group only mean that it won't be applied to other users/domain admins etc? Or should I add them in there, with a Deny, to be sure? How about Denying them from even reading it?
iv) In the Users OU, the UsersGPO has link order 3. Would I be correct in saying that as long as this GPO was link order less than that (e.g. 2), the IE setting would not be set for these developers?"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.