[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 558
  • Last Modified:

how to assign GPO to specific users

Hey guys,

I am running SBS08 and need to learn how to assign a GPO to certain users only. I dont want it applied to the whole network. I need to do it by a department by department approach.

Not very good with GPO's so can somone tell me how to do this please?
0
sbodnar
Asked:
sbodnar
  • 3
  • 3
  • 2
  • +5
4 Solutions
 
AquatoneCommented:
Hello,

I would create a new OU (or use an existing OU) and assign the GPO to that OU. Then, place the target users/computers in that OU.
0
 
berry_rijnbeekCommented:
0
 
Jaroslav MrazCTOCommented:
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
Krzysztof PytkoActive Directory EngineerCommented:
Another option for that is to use GPO Filtering. Google a little bit for that and I think you may be interested in that option :) (sorry that I don't post links, it's inconvenient to do that on mobile ;) )

Regards,
Krzysztof
0
 
Joseph DalyCommented:
Depending on your active directory structure there are two main ways of doing this.

1. If each of your departments are seperated out into their own organizational units (OUs) then you can simply create your GPO and apply it to each OU as you decide they are ready for it.

2. The other way of doing this assuming that you dont have seperate OUs is to create a security group for each department that you want to assign the GPO to. Then you can create your group policy, down the bottom by default there will be a setting for "Security Filtering" (screenshot 1) by default this has authenticated users in it.

You will want to remove the authenticated users from the list and add the security group or groups you just created. Basically this lists the people who are allowed to apply the policy. If all your users or computers are in one OU this is a good way of blocking the policy.
1.jpg
0
 
sbodnarAuthor Commented:
Ok, i created the OU and created a GPO inside of it. Now, how do I assign it to a user and enforce it?
0
 
AquatoneCommented:
Place the user account(s) or group(s) in the OU. Make sure the groups the users are in, have "read" permission for the GPO (they should already).
0
 
sbodnarAuthor Commented:
Yes, did that and do I just leave it checked off as link enabled or do I enforce it as well?

Cause I dont see it taking on my workstation yet...
0
 
berry_rijnbeekCommented:
Did you already fore the policy by the commend gpupdate /force and restart the workstation?
0
 
AquatoneCommented:
Log off/on and test the GPO as one of the target users, or a test user in that specific OU. If you account is an administrative account, the GPO may not apply.
0
 
MarkieSCommented:
Additional tip:

When applying Computer settings
MarkieSin a GPO the Computer Account has to be in the OU.

When applying User settings in a GPO, the User account has to be in the GPO.

Good luck
0
 
jaredr80Commented:
Just a word to the wise. SBS no matter what version you are utilizing relies on the OU structure of My Business. You will run into problems in the SBS console if you remove users or computers from these default OU's. I would not recommend removing users from the OU's to apply GP's. Instead as mentioned above, create security groups with either computers or users, or both if you are going to do a loopback and then remove Authenticated Users from Security Filtering and put in the security groups that you have created. Then apply it to the entire Domain, My Business OU, SBSUsers OU, or SBS Computers Ou.

Jared
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Give a try to GPO Filtering :) In this case, it looks like the most simple method for you. Please check this MS article about that at
http://technet.microsoft.com/en-us/library/cc779291%28WS.10%29.aspx

Krzysztof
0
 
sbodnarAuthor Commented:
Multiple good points stated here and applied points to each of you
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now