GPO policies applying in Branch office from main office

Hello,
i'm currently installing a new Domain controller in a branch office (a new office for the company), this DC is linked through VPN to the main office domain so basically it's an addictional domain controller but based in the branch office (and i have promoted it as a Global Catalog and it'll be used to authenticate users in the branch office.
I have created a new site in the active directory sites and services and moved the branch DC to it.
I have also created 2 subnets (1 for the main office and one for the branch office) as the following:
10.100.1.0/24 for the main office
10.100.5../24 for the branch office.

the problem that im facing is that i am getting the GPOs of the main office applied in the branch office ( i didn't touch any thing in the Group policy management console yet), is there nay thing that i should do to stop this issue ?

I want also when a user logs in from the main office to apply the main office policies for him, and we logs in from the branch office to apply different policies from him (example in the main office the internet proxy settings are: 10.100.1.5:8080 , but in the branch office they will be: 10.100.5.4:8080)


Please advise

Best regards
stalliondzAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FemSteenkampCommented:
you will have to link the GPO's to site, not domain or ou if you want it to selectively only apply to users/compuers in  a specific site.

go and reads up about the GPO binding and order in which they apply, since you will have to make changes to the GPO's to prevent the settings comming from teh site to be overwritten.,
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AwinishCommented:
The best practice acc to MS is apply GPO at domain level.
When user logs in first time it takes only time & after that when there is any change then only it contact dc.
As GPO's are place at sysvol & netlogon & its shared it will contact local DC for GPO's,check the primary 7 alternate dns configured for dns & subnets are properly linked with their sites.

As FemSteenkamp said look for GPO's its not been applied at site level.
Even if it is applied at site level only dc will contact to another dc to get the sysvol synced & since the policy is stored in ssyvol,the local system should not contact remote dc.

Check for local dc dns has been configured on client machine as primary dns & secondry to other.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.