Announcement

Collapse
No announcement yet.

Group Policy Applying to Other GPO's...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy Applying to Other GPO's...

    Here's the story.

    We started with one universal OU in our company. It had it's own GPO.
    Let's call it "Users - All".

    We quickly realized we needed another OU to extend idle time before a screensaver starts.

    So we created a new OU called "Screensaver" and moved about 50% of the users from "Users-All" into "Screensaver". I then created a new GPO and linked it to that OU.

    This worked great.

    BUT....

    Yesterday I released a software installation to "Users-All" and it was also installed on "Screensaver" machines.

    And, when I made Firewall changes to "Users-All", it also affected "Screensaver" machines.

    That wasn't supposed to happen.

    I blocked inheritance on the "Screensaver" OU, but I suspect since these are Computer Configurations, the "block inheritance" doesn't work.

    Can someone confirm this and suggest a workaround, please?
    Last edited by BlueSquares; 26th August 2010, 23:30. Reason: Should be OU...not GPO.

  • #2
    Re: Group Policy Applying to Other GPO's...

    You don't block inheritance on a GPO, you block inheritance on an OU. Is that what you meant? Are all of these computers in the same OU? If so, you can use WMI or security filtering on the GPO so that it only applies to specific computers.

    Comment


    • #3
      Re: Group Policy Applying to Other GPO's...

      Originally posted by joeqwerty View Post
      You don't block inheritance on a GPO, you block inheritance on an OU. Is that what you meant? Are all of these computers in the same OU? If so, you can use WMI or security filtering on the GPO so that it only applies to specific computers.
      Yes, that's what I meant, sorry. I edited the original post.

      Here's a screenshot. Had to blur out some obvious stuff. Can't post links yet.

      a.imageshack.us/img820/9998/826201061504pm.gif


      I created separate OU's and linked GPO's to them in the hopes they would have their own set of Computer/User permissions.
      Last edited by BlueSquares; 26th August 2010, 23:30.

      Comment


      • #4
        Re: Group Policy Applying to Other GPO's...

        I could go dig around in GPO to answer my question for myself but I'm too tired so I'll ask you: Are the settings you've set in your GPO's computer or user settings?

        Computer settings apply only to computers and user settings apply only to users.

        For example, if you set a computer setting that you want applied only to a specific set of users (for their computers) then that GPO has to be linked to the OU where the computers are, not where the users are. Follow?

        Comment


        • #5
          Re: Group Policy Applying to Other GPO's...

          These were computer settings. I was Deploying software via GPO.

          Here's the thing, we don't have computers segmented. Only users. I deployed the software to the Users-All OU, but ALL the OUs got it installed.

          Comment

          Working...
          X