We are currently in the process of redesigning a new Active Directory system due to company expansion and the old AD got messy due to no organizational rules set in place at the time.
Our Techs must move a new computer account under the Computers Container to a "New Computers" OU that has proper polices attached to it. They tend to forget this quite a bit. The polices on this OU are semi critical as it forces all updates, security settings, AV software to be installed at first boot, where any other OU we store computers have the same settings (and more) but installs/updates take place during off hours.
I would like to deny the techs from AD and have the systems automatically get these critical settings now rather than wait upto 48 hours.
How can this be done?
Can we apply policies to the Computer container? or Can we redirect all new systems to the "New Computer" OU when it's joined to the domain (create a new default location for new computer accounts)?
What would you recommend to do and recommend for resources to complete the procedure I should do?
We will be utilzing all Server 2008 and AD will be elevated to the newest technology available.