Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

GPO OU Servers won't apply

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO OU Servers won't apply


    I have a little problem with my group policy's.
    I want a group policy for a group of users on a group of computers/servers.

    To understand the full request I will sketch our domain.

    DC: Windows 2003 R2 X64
    Servers/VMserver: variating between 2003 to 2008R2
    Client pc/laptops: variating between XP and Win7

    Domain Name
    OU Servers
    OU VMServers
    OU Users
    Sub OU Admins
    Sub OU Project Managers
    Sub OU Users
    OU Computers

    Now I want to give my project managers restricted local administrative rights on the VMservers.
    So I added the group Project Managers (who's in the OU PM) to the local administrator group on all of the VMServers.
    I also want to restrict the permissions so they can't shut down a VMServer and etc...
    I made an new GPO under the OU Project Managers and restricted everything to my wish under user configuration. Then in the security filtering I've added the servers that I want the policy to apply to.

    Now my GPO works only on my project managers but on all my pc & servers. Not only those I've added in the Security Filtering.

    I've also tried making a GPO in the OU VMserver and adding the usergroup to the security filtering but then the GPO doesn't work at all.

    To explain why I want this, the firm I work for is an IT firm and our users may have full rights without restrictions on their personal pc/laptop. Our project managers can have restricted rights on the VMservers because these are development servers.

    Can someone help my out with this one because I don't know where to look further...

    ps: after every change in the GPO and before I test something out, I did a gpupdate /force on my DC.

    Thanks for the reply's

  • #2
    Re: GPO OU Servers won't apply

    have you run gpresult ?
    this will tell you why the gpo won't apply

    however, i'd suspect it's because you're trying to filter a user-based object to only apply to compuiter objects...
    Please do show your appreciation to those who assist you by leaving Rep Point