Solved

GPO for Computers based on a User OU

Posted on 2011-03-08
6
821 Views
Last Modified: 2012-05-11
I've been tasked with creating a GPO that forces IE, Firefox and Chrome's default homepage to a specific URL. From my testing, it looks like the settings on the Computer branch are the ones sticking.

Now, the GPO mus be applied to a few User OUs and not Computer OUs. I have been looking into "GPO loopback processing" but this works in the opposite way.

I need to figure out a way to make the Computer GPO follow my users in the OUs I link the GPO to.

Help!

Note: This question focus is on the Group Policy Modeling not on the browser configuration.
0
Comment
Question by:xperttech
  • 4
6 Comments
 
LVL 6

Accepted Solution

by:
mahrens007 earned 300 total points
ID: 35075128
If the users are all in the same OU, then create a new GPO and apply the settings in the lower screenshot.




If the users are in different OUs and you only want a couple of users, then create a new security group.   This was done in SBS 2008, but same idea as server 2008.


sn1
The security group settings (Ignore the fake proxy info):
sn2
sn3

The GPO settings:


4.jpg
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35075790
What settings in the GPO are you using? I'm not sure how to advise you without knowing what settings you're trying to apply.
0
 
LVL 5

Author Comment

by:xperttech
ID: 35084578
mahrens007: Your suggestion sort of makes sense. Just to clarify: My GPO, which contains computer configuration settings could be linked at the domain level, and in the security filtering just allowed to the user's OU? The question is, won't the computer settings get applied before the user logs-in?

My_Username: Below is the computer settings I want to target to a specific group of users (OU). In this screen shot I missed IE's homepage but it's intended to be there...

GPO
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35084825
For the IE setting you should use the User Configuration section of the GPO and then apply it to the users you want it to affect.

The nature of the way GPO works doesn't allow you to do what you're trying to do. Computer Configuration can only be applied to computers. It has not bearing on who is logged on to the computer as far as what policy it will apply.

I assume that you're using the adm file from Mozilla for Firefox settings. They have the CLASS USER section so you should be able to configure the settings in the User Configuration section. So same as IE. If you don't have any Firefox User Configuration settings then download this adm template from Sourceforge. http://sourceforge.net/projects/gpofirefox/files/firefox.adm/download

As for Chrome, I didn't see any adm templates that has the CLASS USER section so it looks like you'll only be able to configure per-machine configurations for it unless you write your own adm template.
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35084843
Bottom line: you can apply computer settings to a computer based on the logged on user. Sorry.
0
 
LVL 18

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 200 total points
ID: 35084858
Er.. correction, it should have said "you cannot apply computer settings to a computer based on the logged on user."
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now