Security Basics mailing list archives
Re: Applying Group Policies to selective OUs...
From: Raoul Armfield <armfield () amnh org>
Date: Thu, 29 Dec 2005 14:04:38 -0500
Jim Gaudet wrote:
The user object, or computer object have to live in the OU. I found it easier to just create a security group, instead of an OU. Then put the members in the group, either user of computer. Then on the GPO, remove the Authenticated Users group, and replace with the security group youjust created.Now the GPO will only be applied to this group.
That is funny, having tested this I found that this does not work. You can not apply GPO to security groups or even if you could it becomes an administrative nightmare. The whole point of OUs is to divide your organization into Organizational Units that you can apply policies to. What if someone needs to be part of an security group but does not need to have a certain policy applied to them or vice versa?
Raoul -- Raoul Armfield rarmfield at amnh dot org --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Re: Applying Group Policies to selective OUs... Raoul Armfield (Jan 03)
- Re: Applying Group Policies to selective OUs... Barrie Dempster (Jan 04)
- <Possible follow-ups>
- RE: Applying Group Policies to selective OUs... Roger A. Grimes (Jan 04)
- RE: Applying Group Policies to selective OUs... Nick Duda (Jan 04)