GPO Links and Item Level Targeting
I have 2 servers in my environment. 2012 Std (Fsmo) and 2003 Std.
I am new to Group Policy.
All users need the same mapped drives, but 2 of those users need those maps and a few additional mapped drives. Whats the best way to go about it?
Related question....if I have a GPO that I want use for a specific Security Group (or an individual), do I have to link that GPO to the OU (that has all the users) or do you ONLY configure Item Level Targeting.
I am new to Group Policy.
All users need the same mapped drives, but 2 of those users need those maps and a few additional mapped drives. Whats the best way to go about it?
Related question....if I have a GPO that I want use for a specific Security Group (or an individual), do I have to link that GPO to the OU (that has all the users) or do you ONLY configure Item Level Targeting.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sarang Tinguria
If you are new to group policy I would suggest you to use security filtering, Item level targeting will complicate the scenario
Actually, I disagree with sarang_tinguria and feel exactly the opposite. If you use drive mapping under the Preferences in your group policy with item level targeting based on security groups, you would set up all users in the main security group and only the 2 "special" users in a separate security group. Then you can use one GPO for all your drive maps, setting up the item level target group based on the security group membership. I think this is simpler than having to manage two separate policies for drive mapping and apply the separate GP's to each security group. Just my opinion...it will work either way.
ASKER
#1. I created a GPO for drive mappings. By default it has a Security Filter for Authenicated users. When a logged in, no maps.
#2. I edited the same GPO and defined Item Level Targetting for my User Name. Again no maps.
#3. I linked the GPO to an OU with me as a member.... I got the Map!
#4. I moved a second user into the OU, but did not define them under Item Level Targeting and did not get the map.
Does this make sence?
#2. I edited the same GPO and defined Item Level Targetting for my User Name. Again no maps.
#3. I linked the GPO to an OU with me as a member.... I got the Map!
#4. I moved a second user into the OU, but did not define them under Item Level Targeting and did not get the map.
Does this make sence?
You should not need to define anything for item level targeting if the Authenticated Users group is set up to be able to process the GPO. Are you sure that the GPO was applied to the workstation where you were logging in? Normally you need to restart a workstation at least once to apply a change to group policy login settings. I'd recommend running gpedit /force from the command line, then restart the workstation and log in as a different user to see if it works.
Another thing you can do is to run the GP Results tool from the GP management console, specifying that workstation and any domain user account to see if it new policy is being applied properly.
Another thing you can do is to run the GP Results tool from the GP management console, specifying that workstation and any domain user account to see if it new policy is being applied properly.