GPO Links and Item Level Targeting

I have 2 servers in my environment.  2012 Std (Fsmo) and 2003 Std.  

I am new to Group Policy.  

All users need the same mapped drives, but 2 of those users need those maps and a few additional mapped drives.  What's the best way to go about it?

Related question... if I have a GPO that I want to use for a specific Security Group (or an individual), do I have to link that GPO to the OU (that has all the users) or do you ONLY configure Item Level Targeting?

Mike Kline Commented:
You can use item level targeting; you can also use security filtering on the GPO and have it only apply to a certain user or group.  More on security filtering

You could also place those users in a different OU and link the GPO there.  

I would use security filtering or item level targeting.  I also like to make the GPO name descriptive (for example Extra Mapped Drives).

Life1430 Sr Engineer Commented:
If you are new to group policy I would suggest you use security filtering; item level targeting will complicate the scenario.
Hypercat (Deb) Commented:
Actually, I disagree with sarang_tinguria and feel exactly the opposite.  If you use drive mapping under the Preferences in your group policy with item level targeting based on security groups, you would set up all users in the main security group and only the 2 "special" users in a separate security group. Then you can use one GPO for all your drive maps, setting up the item level target group based on the security group membership.  I think this is simpler than having to manage two separate policies for drive mapping and apply the separate GP's to each security group.  Just my will work either way.
howmad2 Author Commented:
#1.  I created a GPO for drive mappings.   By default it has a Security Filter for Authenticated Users.  When I logged in, no maps.

#2.  I edited the same GPO and defined Item Level Targeting for my User Name.  Again no maps.

#3.  I linked the GPO to an OU with me as a member.... I got the Map!

#4.  I moved a second user into the OU, but did not define them under Item Level Targeting and did not get the map.

Does this make sense?
Hypercat (Deb) Commented:
You should not need to define anything for item level targeting if the Authenticated Users group is set up to be able to process the GPO.  Are you sure that the GPO was applied to the workstation where you were logging in?  Normally you need to restart a workstation at least once to apply a change to group policy login settings. I'd recommend running  gpedit /force from the command line, then restart the workstation and log in as a different user to see if it works.  

Another thing you can do is to run the GP Results tool from the GP management console, specifying that workstation and any domain user account to see if the new policy is being applied properly.
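
The checks discussed in this thread, as an added PowerShell example that is not part of any participant's post: it confirms the GPO is linked in scope of the user's OU, lists who holds Apply rights (security filtering), prints the item-level targeting on each mapped drive, and writes a GP Results report. The GPO name, user and computer are placeholders; it assumes the GroupPolicy and ActiveDirectory RSAT modules, drive maps under User Configuration > Preferences, and an operator logged on to the same domain as the user.

```powershell
# Added example. GPO name, user and computer are placeholders, not from the thread.
param(
    [string]$GpoName  = 'Extra Mapped Drives',
    [string]$User     = 'jdoe',      # sAMAccountName (placeholder)
    [string]$Computer = 'WS01'       # workstation the user has logged on to (placeholder)
)
Import-Module GroupPolicy, ActiveDirectory

$gpo = Get-GPO -Name $GpoName
$dn  = (Get-ADUser -Identity $User).DistinguishedName

# 1. Scope. Strip the leading CN= parts to reach the nearest OU (or the domain),
#    then ask which GPO links apply there, inherited links included.
$target = $dn -replace '^(?:CN=(?:\\.|[^,\\])+,)+', ''
$link   = (Get-GPInheritance -Target $target).InheritedGpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if ($link) { "Linked in scope of $target (enabled: $($link.Enabled))" }
else       { "NOT linked in scope of $target: filtering and targeting are never evaluated" }

# 2. Security filtering: trustees that hold the Apply Group Policy right.
"Apply Group Policy granted to:"
Get-GPPermission -Guid $gpo.Id -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    ForEach-Object { "  $($_.Trustee.Name)" }

# 3. Item-level targeting: read the drive-map preference file from SYSVOL and
#    list the filters attached to each drive item.
$domain = $gpo.DomainName
$file   = "\\$domain\SYSVOL\$domain\Policies\{$($gpo.Id)}\User\Preferences\Drives\Drives.xml"
if (Test-Path $file) {
    foreach ($d in ([xml](Get-Content $file -Raw)).SelectNodes('/Drives/Drive')) {
        $ilt = @($d.SelectNodes('Filters/*') |
            ForEach-Object { '{0}={1}' -f $_.LocalName, $_.GetAttribute('name') })
        [pscustomobject]@{
            Drive     = $d.GetAttribute('name')
            Path      = $d.SelectSingleNode('Properties').GetAttribute('path')
            Targeting = if ($ilt) { $ilt -join '; ' } else { 'none (everyone in scope)' }
        }
    }
}

# 4. GP Results for that user on that workstation, saved as an HTML report.
Get-GPResultantSetOfPolicy -User "${env:USERDOMAIN}\$User" -Computer $Computer `
    -ReportType Html -Path "$env:TEMP\rsop-$User.html"
```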