Assign Group Policy to a Group

So I am running a script on certain computers in the agency and I don't want to move all of them from the Users Folder to a different OU (Test_Deploy) with a modified GPO (basically the OnLogon portion).

So instead of moving all of the users from the Users folder to the TestGPO OU I tried to create a group called TempDeploy.  I added the users I wanted to the TempDeploy group and then added the TempDeploy group to TestGPO.  However, the script did not run.  

The script only ran if I took the Users from the User Folder and added them to the OU TestGPO.  

Is there a way I can apply a GPO to a group within an OU?

Thanks,
JOe K.
ClaudeWalkerAsked:
Who is Participating?
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
If your AD structure is as unorganised as it sounds....

Link the policy to the domain root and then remove Authenticated users and add Just the Group in the security filtering. That way it wont matter where your users are in terms of OU's

This is using JUST the USERS section of the policy yes?
0
 
Mike KlineCommented:
Are you talking about the the deafult Users container or do you have an OU for users.  The problem with the users container is that you can't link a GPO to a container.

You can link a GPO to an OU (right click on the OU in GPMC and link the GPO).  

Thanks

Mike
0
 
pravin3000aCommented:
if all these users are member of a container assign the policy to that container,and then filter the policy only for the perticular group thats how the policy will run only for the group and not for others.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Mike KlineCommented:
You can't link a policy to a container.
0
 
ClaudeWalkerAuthor Commented:
Is a group a container?

In the picture the script will run on Becky, Steve and Rebecca but not the members of TestGroup.

 Groups
0
 
Neil RussellTechnical Development LeadCommented:
Oh i see!
No that wont work

Follow what I said above and it will. You add TestGroup as the group named in the policy filtering section.
0
 
Mike KlineCommented:
In the picture the script will run on Becky, Steve and Rebecca but not the members of TestGroup.

Exactly correct that is how group policy works.  Although it is called  "group policy' the policies only apply to users and/or computers...not groups.
0
 
Mike KlineCommented:
Neilsr...it still won't work if he filters on testgroup because a GPO can't apply to a group.
0
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
Tip:

Never use the USERS or the COMPUTERS folder to store live objects that you create yourself.

Create OU's to hold these objects in as you can NOT link a GPO to USERS or COMPUTERS. They are Containers and NOT OU's
0
 
Neil RussellTechnical Development LeadCommented:
"Neilsr...it still won't work if he filters on testgroup because a GPO can't apply to a group. "

HELLO?

Did you read what I said?

1) LINK the policy to the domain root.
2) Remove Authenticated users from policy filter
3) Add THE GROUP to the policy filter

That WILL work
0
 
Mike KlineCommented:
ok if he links to the domain root,  I generally don't like having every GPO linked at the root.
0
 
Neil RussellTechnical Development LeadCommented:
In HIS instance he has no choice IF users are in the USERS container.  Please READ before you critisize other experts answers. The answer i gave fits exactly what was asked.
0
 
Neil RussellTechnical Development LeadCommented:
Sorry mkline71, that sounded abrupt, was not meant to be.
0
 
Mike KlineCommented:
No big deal I like the passion :)
0
 
ClaudeWalkerAuthor Commented:
It sounds like 2 things:

1) I need to organize all users I created into OU's.  Should I do the same with the computers as well?

2)  Even if a group is in an OU (and corresponding GPO to that OU) the group itself will not be effected by the Group Policy.

3) I like the passion as well :)
0
 
Mike KlineCommented:
1)  you can do that or link the GPO at the domain level and sue security filtering.  I personally like splitting them out into OUs

2.  correct the group itself or members of the group in the OU will not have a GPO applied to them.

Thanks

Mike
0
 
pravin3000aCommented:
ou/site/domains are containers.you can assign policy to them,once you edit the policy you can see in bottom of right half ,that is filtering use that for assigning to perrticular mebers only,here you can selet the group as well,that is how you can assign policy to any group.
0
 
pravin3000aCommented:
in your case you can set it on your domain but make sure you filter it.
0
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
Cab i suguest you have a good read of this -> http://technet.microsoft.com/en-us/library/cc754948(WS.10).aspx

When you think you understand it, read it again :)
0
 
ClaudeWalkerAuthor Commented:
Sorry about the delayed response/award.

Thanks guys.  I ended up assigning a deployment GPO in lieu of a total restructing (...yet).

I have a much better understanding of AD/GP so thanks,
JOe K.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.