GPO in OU on specific servers & users won't apply
Posted on 2010-01-07
I have a little problem with my group policy's.
I want a group policy for a group of users on a group of computers/servers.
To understand the full request I will sketch our domain.
DC: Windows 2003 R2 X64
Servers/VMserver: variating between 2003 to 2008R2
Client pc/laptops: variating between XP and Win7
Sub OU Admins
Sub OU Project Managers
Sub OU Users
Now I want to give my project managers restricted local administrative rights on the VMservers.
So I added the group Project Managers (who's in the OU PM) to the local administrator group on all of the VMServers.
I also want to restrict the permissions so they can't shut down a VMServer and etc...
I made an new GPO under the OU Project Managers and restricted everything to my wish under user configuration. Then in the security filtering I've added the servers that I want the policy to apply to.
Now my GPO works only on my project managers but on all my pc & servers. Not only those I've added in the Security Filtering.
I've also tried making a GPO in the OU VMserver and adding the usergroup to the security filtering but then the GPO doesn't work at all.
To explain why I want this, the firm I work for is an IT firm and our users may have full rights without restrictions on their personal pc/laptop. Our project managers can have restricted rights on the VMservers because these are development servers.
Can someone help my out with this one because I don't know where to look further...
ps: after every change in the GPO and before I test something out, I did a gpupdate /force on my DC.
Thanks for the reply's