Announcement

Collapse
No announcement yet.

GPO and OU's driving me crazy!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO and OU's driving me crazy!

    Hi guys,

    Just wondering if I could get a pointer to where I'm going wrong here...

    I have my AD set up with the following OU Structure


    Domain Root
    |
    |
    ---Hardware---|
    | |
    | ---_Unsorted
    | ---Workstations
    | ---Laptops
    | ---Servers
    |
    |
    ---People---|
    |
    ---HR
    ---IT
    ---Marketing
    ---Webdev

    I have a default domain GPO that sets the password policy in the domain root and that applies to all objects throughout the OU's

    I've created a new GPO called 'Unsorted_Computers' and have made a few changes to the 'Users' Section. Just a script and a couple of windows apps that are disabled. I've disabled the Computers Section. The security filtering on the gpo is set for domain and enterprise admins only.

    I've got a GPO called WSUS_Servers. This sits in the Servers OU. The User config is disabled but the Computer Config is enabled and the Windows Update settings have been configured. The security filtering is set for authenticated users.

    I've also got a third GPO called WSUS_Computers. This is configured as above but is in the _Unsorted, Computers and Laptops OU's. the windows Update settings are set slightly differently in this.

    My problem is that when I use Group Policy Modeling (server 200 to see what should be applied to a computer within in the _Unsored ou (as a dmoain admin), the WSUS policies are listed as being applied but the Unsorted_Computers gpo is being ignored.

    If I move the Unsorted_Computers gpo to the Domain Root, it'll apply fine. theres no inheritance blocking going on, so why doesn't it get applied when it's attached to a specific ou?

    Any Advice
    Xet

  • #2
    Re: GPO and OU's driving me crazy!

    Looks like I may have figured it out, for a user based policy to run, it looks like the gpo needs to be able to see the user object below it in the tree. as my domain user accounts were in the IT OU and the gpo was trying to be run from a different ou tree, it wouldnt apply.

    Is this normal?

    Xet

    Comment


    • #3
      Re: GPO and OU's driving me crazy!

      Hi,

      Please note that the User configuration settings of a GPO will only apply to User objects and the Computer section settings will apply to Computer objects in the OU - Unless the Loopback processing policy has been enabled.

      Ta
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment

      Working...
      X