Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to apply GPOs to specific OUs?

Status
Not open for further replies.
xAOx

xAOx

IS-IT--Management
Aug 15, 2006
40
US
Ok this is my setup to prevent confusion:

Group Policy Management
+Forest: MyDomain.com
+Domains > MyDomain.com (with a blue exclamation point?)
>Default Domain Policy
>Desktop Change Policy (i created before)
> Domain Controllers (OU)
>Default Domain Controllers Policy
> Group Policy Objects
>Default Domain Policy
>Desktop Change Policy (i created)
>Default Domain Controllers Policy
> Terminal Group (OU)
>Terminal Members (Group)
Terminal rules (policy)
> WMI Filters
+Sites

Ok I am a Member Of; Administrators, Users, Terminal Members
Terminal Members can log into our terminal server remotely.
Since I am a member of Administrators, it is ok for me to have access rights and privileges to certain things. But Members Of "Users" and "Terminal Members" when logging remotely should have restrictions such as No control panel, Password length, etc.

In Terminal Group OU I created has the Terminal Members group and Terminal Rules policy... unfortunately it doesn't apply until I drag the policy and link it to the domain. But this is no good since everyone is effected by it except just employees who are Members of; Users and Terminal Members.

How do I filter out who gets what policy enabled? Please help.
 
Sort by date Sort by votes
You just need to either create a OU for the terminal users or if that already exists just apply the GP to it.

Remember that some settings will ONLY apply at the domain level like password policies.

Iain
 
Upvote 0 Downvote
Correct, but it seems like Terminal Servers OU, contains a Terminal rules policy that says No Access to control panel. So an Administrator who is a member of the Remote group that is in TS OU, also loses access to control panel.

I know I'm saying it in a confusing manner but basically how do I filter out some members of the Terminal group (who are not in the TS OU tho)?
 
Upvote 0 Downvote
This is where GP could get messy, you could start playing with the inheritence rules and permissions to prevent user / group X from having that rule applied.

Or you could look at doing a loopback so the admin GP is reapplied after the Terminal Service one?

Again things get messy and complex when you start this.

Good Luck,
Iain
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
612
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
744
microsGuy16
microsGuy16
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
380
hairlessupportmonkey
hairlessupportmonkey
DrB0b
  • Locked
  • Question
HyperV trying to do extended replica to external HDD
Replies
0
Views
261
DrB0b
DrB0b
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
446
technome
technome

Part and Inventory Search

Sponsor

Back
Top