GPO for Computers based on a User OU
I've been tasked with creating a GPO that forces IE, Firefox and Chrome's default homepage to a specific URL. From my testing, it looks like the settings on the Computer branch are the ones sticking.
Now, the GPO mus be applied to a few User OUs and not Computer OUs. I have been looking into "GPO loopback processing" but this works in the opposite way.
I need to figure out a way to make the Computer GPO follow my users in the OUs I link the GPO to.
Help!
Note: This question focus is on the Group Policy Modeling not on the browser configuration.
Now, the GPO mus be applied to a few User OUs and not Computer OUs. I have been looking into "GPO loopback processing" but this works in the opposite way.
I need to figure out a way to make the Computer GPO follow my users in the OUs I link the GPO to.
Help!
Note: This question focus is on the Group Policy Modeling not on the browser configuration.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What settings in the GPO are you using? I'm not sure how to advise you without knowing what settings you're trying to apply.
ASKER
mahrens007: Your suggestion sort of makes sense. Just to clarify: My GPO, which contains computer configuration settings could be linked at the domain level, and in the security filtering just allowed to the user's OU? The question is, won't the computer settings get applied before the user logs-in?
My_Username: Below is the computer settings I want to target to a specific group of users (OU). In this screen shot I missed IE's homepage but it's intended to be there...
My_Username: Below is the computer settings I want to target to a specific group of users (OU). In this screen shot I missed IE's homepage but it's intended to be there...
For the IE setting you should use the User Configuration section of the GPO and then apply it to the users you want it to affect.
The nature of the way GPO works doesn't allow you to do what you're trying to do. Computer Configuration can only be applied to computers. It has not bearing on who is logged on to the computer as far as what policy it will apply.
I assume that you're using the adm file from Mozilla for Firefox settings. They have the CLASS USER section so you should be able to configure the settings in the User Configuration section. So same as IE. If you don't have any Firefox User Configuration settings then download this adm template from Sourceforge. http://sourceforge.net/projects/gpofirefox/files/firefox.adm/download
As for Chrome, I didn't see any adm templates that has the CLASS USER section so it looks like you'll only be able to configure per-machine configurations for it unless you write your own adm template.
The nature of the way GPO works doesn't allow you to do what you're trying to do. Computer Configuration can only be applied to computers. It has not bearing on who is logged on to the computer as far as what policy it will apply.
I assume that you're using the adm file from Mozilla for Firefox settings. They have the CLASS USER section so you should be able to configure the settings in the User Configuration section. So same as IE. If you don't have any Firefox User Configuration settings then download this adm template from Sourceforge. http://sourceforge.net/projects/gpofirefox/files/firefox.adm/download
As for Chrome, I didn't see any adm templates that has the CLASS USER section so it looks like you'll only be able to configure per-machine configurations for it unless you write your own adm template.
Bottom line: you can apply computer settings to a computer based on the logged on user. Sorry.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.