No announcement yet.

Need help with GPO filtering

  • Filter
  • Time
  • Show
Clear All
new posts

  • Need help with GPO filtering

    I have 2 GPOs, one is tightGPO and one is openGPO.
    My AD is like this:

    Domain Controllers

    At MyDomain.local level, I have tightGPO linked to the
    domain. I also have Allow Policy security ACL
    filtering on a user called MyUsr. When he logs into
    the domain, tightGPO secures his desktop.

    But when MyUsr log into a computer inside MyOU, I need
    MyUsr to be able to do some stuffs that he was not
    able to do with tightGPO. So I've created openGPO,
    and linked it to MyOU. I also set Allow Policy on
    with openGPO and MyUsr.

    I thought this should work since GPO is applied in
    this order:
    Default domain GPO

    But when I run gpresult, it did not show openGPO being
    applied to MyUsr when he logs into a computer in MyOU.
    I did not set any block inheritance or no overide.

    Plz advise.

  • #2
    I am referring to the User Settings of the GPO.
    That is if tightGPO secures the Start Menu when MyUsr log on to the domain, I need to have this setting removed with the same MyUsr when he logs onto a computer in MyOU.



    • #3
      I have the impression that you have missed a point about the working of GPO's. Look at it like this:

      - The Computer Configuration part of GPO's apply to computer accounts
      - The User Configuration is for user accounts.

      In other words, the User settings will NOT apply if the account of the user is not in scope of the GPO, which is what seems to be happening in your case.

      There is a way around this with the loopback policy; check this article: