• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1305
  • Last Modified:

GPO Links and Item Level Targeting

I have 2 servers in my environment.  2012 Std (Fsmo) and 2003 Std.  

I am new to Group Policy.  

All users need the same mapped drives, but 2 of those users need those maps and a few additional mapped drives.  Whats the best way to go about it?

Related question....if I have a GPO that I want use for a specific Security Group (or an individual), do I have to link that GPO to the OU (that has all the users) or do you ONLY configure Item Level Targeting.
1 Solution
Mike KlineCommented:
You can use item level targeting you can also use security filtering on the GPO and have it only apply to a certain user or group.  More on security filtering


You could also place those users in a different OU and link the GPO there.  

I would use security filtering or item level targetting.  I also like to make the GPO name descriptive (for example Extra Mapped Drives)


Sarang TinguriaSr EngineerCommented:
If you are new to group policy I would suggest you to use security filtering, Item level targeting will complicate the scenario
Hypercat (Deb)Commented:
Actually, I disagree with sarang_tinguria and feel exactly the opposite.  If you use drive mapping under the Preferences in your group policy with item level targeting based on security groups, you would set up all users in the main security group and only the 2 "special" users in a separate security group. Then you can use one GPO for all your drive maps, setting up the item level target group based on the security group membership.  I think this is simpler than having to manage two separate policies for drive mapping and apply the separate GP's to each security group.  Just my opinion...it will work either way.
howmad2Author Commented:
#1.  I created a GPO for drive mappings.   By default it has a Security Filter for Authenicated users.  When a logged in, no maps.

#2.  I edited the same GPO and defined Item Level Targetting for my User Name.  Again no maps.

#3.  I linked the GPO to an OU with me as a member.... I got the Map!

#4.  I moved a second user into the OU, but did not define them under Item Level Targeting and did not get the map.

Does this make sence?
Hypercat (Deb)Commented:
You should not need to define anything for item level targeting if the Authenticated Users group is set up to be able to process the GPO.  Are you sure that the GPO was applied to the workstation where you were logging in?  Normally you need to restart a workstation at least once to apply a change to group policy login settings. I'd recommend running  gpedit /force from the command line, then restart the workstation and log in as a different user to see if it works.  

Another thing you can do is to run the GP Results tool from the GP management console, specifying that workstation and any domain user account to see if it new policy is being applied properly.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now