GPO applying to only users

Toggle sidebar Toggle sidebar
T

Tony

Distinguished
Aug 5, 2001
1,944
0
19,780
Archived from groups: microsoft.public.win2000.group_policy (More info?)

How do I make a GPO to apply to only certain users or groups? I currently
have OUs setup and I put computers in there.
So users have to log in to their own computer to get the GPO. I want the GPO
to be based on groups.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Tony,

To do this you need to modify the ACL of the GPO itself... go to the OU and
select Group Policy, then click the Properties button and select the security
tab. That is where the ACL list for the GPO is. One of the default
permissions is for Authenticated Users to have read and apply; remove that
and add your group that you want and give them read and apply. Remember
though that the user must be in the OU where the GPO resides for this to work
otherwise you will need to enable loopback policy processing in the GPO.

Mike.


"Tony" wrote:

> How do I make a GPO to apply to only certain users or groups? I currently
> have OUs setup and I put computers in there.
> So users have to log in to their own computer to get the GPO. I want the GPO
> to be based on groups.
>
>
>
 
T

Tony

Distinguished
Aug 5, 2001
1,944
0
19,780
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Users are in a totally different OU. So by enabling loopback, If user logs
in from any computer whether it is in or not in the OU will get the GPO?
"Mike S." <Mike S.@discussions.microsoft.com> wrote in message
news:F4F98E7E-B73B-4C91-9201-E8C079893F89@microsoft.com...
> Tony,
>
> To do this you need to modify the ACL of the GPO itself... go to the OU
> and
> select Group Policy, then click the Properties button and select the
> security
> tab. That is where the ACL list for the GPO is. One of the default
> permissions is for Authenticated Users to have read and apply; remove that
> and add your group that you want and give them read and apply. Remember
> though that the user must be in the OU where the GPO resides for this to
> work
> otherwise you will need to enable loopback policy processing in the GPO.
>
> Mike.
>
>
> "Tony" wrote:
>
>> How do I make a GPO to apply to only certain users or groups? I currently
>> have OUs setup and I put computers in there.
>> So users have to log in to their own computer to get the GPO. I want the
>> GPO
>> to be based on groups.
>>
>>
>>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Yes,

Loopback changes the way that GPOs are processed.

Normally when the computer boots up it will process any GPOs that are linked
to the OU ( well, we could also say container but let's just focus on the
OUs for now ) in which the computer account object directly resides. You
are then prompted for a user name and password and domain. So, you supply
your user name and password. At that moment all of the GPOs that are linked
to the OU in which your user account object directly resides are processed.
This is all assuming the default behavior ( with the Authenticated Users
group remaining in use ). And the key is that when the computer boots up
only settings that are configured in the Computer Configuration area are
applied and when the user logs on only the settings that are configured in
the User Configuration area are applied.

Now, what Loopback does - and know that there are two types: Merge and
Replace - is changes this processing.

HTH,

Cary

"Tony" <tonyw@suse.stanford.edu> wrote in message
news:eFcSmSVsEHA.2720@TK2MSFTNGP12.phx.gbl...
> Users are in a totally different OU. So by enabling loopback, If user logs
> in from any computer whether it is in or not in the OU will get the GPO?
> "Mike S." <Mike S.@discussions.microsoft.com> wrote in message
> news:F4F98E7E-B73B-4C91-9201-E8C079893F89@microsoft.com...
> > Tony,
> >
> > To do this you need to modify the ACL of the GPO itself... go to the OU
> > and
> > select Group Policy, then click the Properties button and select the
> > security
> > tab. That is where the ACL list for the GPO is. One of the default
> > permissions is for Authenticated Users to have read and apply; remove
that
> > and add your group that you want and give them read and apply. Remember
> > though that the user must be in the OU where the GPO resides for this to
> > work
> > otherwise you will need to enable loopback policy processing in the GPO.
> >
> > Mike.
> >
> >
> > "Tony" wrote:
> >
> >> How do I make a GPO to apply to only certain users or groups? I
currently
> >> have OUs setup and I put computers in there.
> >> So users have to log in to their own computer to get the GPO. I want
the
> >> GPO
> >> to be based on groups.
> >>
> >>
> >>
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom