Announcement

Collapse
No announcement yet.

need advice on linking GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • need advice on linking GPO

    Hi,
    I would like to check the question of moving OUs in Parent OU.
    The scenario:
    Currently:
    OU Servers with one GPO (net time). Blocked inheritance.
    Then Another 5 OUs Servers APPs, Servers Citrix and etc.
    These 5 OUs are not sub OUs of Servers. Just on the same tree level. Each OU has linked GPOs. One of GPO's is "net time". Each OU has blocked inheritance.

    my planning:
    1. want to move each of 5 Server's OU to the OU named Servers.
    2. assume that linked GPOs will follow moved OU.
    3. want to link GPOs necessary for each sub OU to my parent Servers OU. Example Net time GPO, WSUS gpo.
    4. Remove block inheritance from sub OUs and insure that on parent I have block inheritance.
    5. Remove common GPOs net time and wsus from sub OUs.
    This way common GPOs linked to Parent will propagate to sub OUs and sub OUs will have only their specific GPOs linked.
    Is it correct?
    Thanks.
    Last edited by mla; 30th January 2012, 18:19. Reason: typo
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: need advice on linking GPO

    1) Easy in ADUC
    2) Yes
    3) Yes, create and link GPO at highest level
    4) Yes, nothing will go from domain down to Servers OU
    5) Will propagate from parent

    Basically, you have it right
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: need advice on linking GPO

      Thanks Ossian.

      Also, I think there is no need for gpo enforcement in any sub OU as well as at parent. ?????
      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

      Comment


      • #4
        Re: need advice on linking GPO

        Correct, GPO Enforcement over-rides "block inheritance", so not normally needed
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment

        Working...
        X