GPO policies applying in Branch office from main office

stalliondz
Hello,
I'm currently installing a new domain controller in a branch office (a new office for the company). This DC is linked through VPN to the main office domain, so basically it's an additional domain controller but based in the branch office (and I have promoted it as a Global Catalog and it'll be used to authenticate users in the branch office).
I have created a new site in Active Directory Sites and Services and moved the branch DC to it.
I have also created 2 subnets (one for the main office and one for the branch office) as follows:
10.100.1.0/24 for the main office
10.100.5.0/24 for the branch office.

The problem that I'm facing is that I am getting the GPOs of the main office applied in the branch office (I didn't touch anything in the Group Policy Management Console yet). Is there anything that I should do to stop this issue?

I also want the main office policies to apply to a user when he logs in from the main office, and different policies to apply to him when he logs in from the branch office (for example, in the main office the internet proxy settings are 10.100.1.5:8080, but in the branch office they will be 10.100.5.4:8080).


Please advise

Best regards

You will have to link the GPOs to the site, not the domain or OU, if you want them to selectively apply only to users/computers in a specific site.

Go and read up about GPO binding and the order in which GPOs apply, since you will have to make changes to the GPOs to prevent the settings coming from the site from being overwritten.
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
Commented:
The best practice according to MS is to apply GPOs at the domain level.
When a user logs in for the first time only it takes time, & after that it contacts the DC only when there is a change.
As GPOs are placed in sysvol & netlogon & it's shared, it will contact the local DC for GPOs. Check the primary & alternate DNS configured for DNS & that the subnets are properly linked with their sites.

As FemSteenkamp said, look for GPOs, it's not been applied at site level.
Even if it is applied at site level, only the DC will contact another DC to get the sysvol synced, & since the policy is stored in sysvol, the local system should not contact the remote DC.

Check that the local DC's DNS has been configured on the client machine as primary DNS & the other as secondary.
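
The checks and the site link suggested in the answers above, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory and GroupPolicy modules, a single-domain forest, rights to link GPOs to sites, and hypothetical names (site `Branch`, GPO `Branch-Proxy`); the proxy value is the one from the question.

```powershell
Import-Module ActiveDirectory, GroupPolicy

# Hypothetical names (not from the thread); replace with your own site and GPO names.
$branchSite = 'Branch'
$gpoName    = 'Branch-Proxy'

# 1. Every client subnet must be mapped to the correct site; a client whose
#    subnet is missing or mapped wrongly will not pick up the site-linked GPO.
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, Site |
    Format-Table -AutoSize

# 2. Sites live in the configuration partition, so build the site DN from it.
$configNC = (Get-ADRootDSE).configurationNamingContext
$siteDn   = "CN=$branchSite,CN=Sites,$configNC"

# 3. Create a GPO that carries the branch proxy as per-user registry values.
$key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
New-GPO -Name $gpoName | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $key -ValueName 'ProxyEnable' `
    -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $key -ValueName 'ProxyServer' `
    -Type String -Value '10.100.5.4:8080' | Out-Null

# 4. Link the GPO to the site object rather than to the domain or an OU.
New-GPLink -Name $gpoName -Target $siteDn -LinkEnabled Yes

# 5. GPOs are processed local, site, domain, OU, and the last writer wins.
#    List what is linked at the domain: any GPO here that also sets the proxy
#    will overwrite the site-linked value unless that setting is removed there.
Get-GPInheritance -Target (Get-ADDomain).DistinguishedName |
    Select-Object -ExpandProperty InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced

# 6. On a branch client, confirm the detected site and the applied GPOs:
#      nltest /dsgetsite
#      gpresult /r
```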
