Easy questions for the experts (I hope)

Guest
Archived from groups: microsoft.public.win2000.group_policy

I have a single domain, with several OUs for each location within the
domain. The company has 3 offices. In each OU (or location) there are OUs
for the different departments, inside some of the departmental OUs there are
OUs for departmental managers. If I create a group policy for the
departmental OU, and a group policy for the departmental managers will they
both take hold depending on who logs in, or will one basically outrank the
other, making it null and void?

Another question, if I have users in an OU, and that has other OUs inside
of it as well as the users I want the GP applied to, will this work, or must
the users and OUs be separate?
If this is unclear I'll try to explain.

OU-->Operations, inside this OU are employees whose role is operations
Inside the Operations OU are 4 OUs--->
Materials (which has employees in it)-->
Fleet, and 2 others each with employees in it.

Is this a feasible model??


Thank You
 
Guest

At the OU level, group policy is applied in strict order, parent OU, then
child OU, then grandchild OU etc. If you have a GPO configured on all three
of these OUs, each with a different setting for the same policy, the winning
policy would be the one from the grandchild OU as this was applied last.
(You can use block policy inheritance and no override to change this default
behaviour but avoid using these settings if you possibly can.)

Note that you can also use security group filtering to apply policies, it
doesn't have to depend solely on what OU the user is in.

"Bob Feller" <BobFeller@discussions.microsoft.com> wrote in message
news:97A61B41-EF6D-450A-AE7B-4E09CF9AE29D@microsoft.com...
> I have a single domain, with several OUs for each location within the
> domain. The company has 3 offices. In each OU (or location) there are OUs
> for the different departments, inside some of the departmental OUs there
> are OUs for departmental managers. If I create a group policy for the
> departmental OU, and a group policy for the departmental managers will
> they both take hold depending on who logs in, or will one basically
> outrank the other, making it null and void?
>
> Another question, if I have users in an OU, and that has other OUs inside
> of it as well as the users I want the GP applied to, will this work, or
> must the users and OUs be separate?
> If this is unclear I'll try to explain.
>
> OU-->Operations, inside this OU are employees whose role is operations
> Inside the Operations OU are 4 OUs--->
> Materials (which has employees in it)-->
> Fleet, and 2 others each with employees in it.
>
> Is this a feasible model??
>
>
> Thank You
 
Guest

So, if I have a separate group policy on each OU will they be enforced
separately of each other??

"Simon Geary" wrote:

> At the OU level, group policy is applied in strict order, parent OU, then
> child OU, then grandchild OU etc. If you have a GPO configured on all three
> of these OUs, each with a different setting for the same policy, the winning
> policy would be the one from the grandchild OU as this was applied last.
> (You can use block policy inheritance and no override to change this default
> behaviour but avoid using these settings if you possibly can.)
>
> Note that you can also use security group filtering to apply policies, it
> doesn't have to depend solely on what OU the user is in.
 
Guest

If they contain the same settings with different configured values, the
closest one to the user/computer object will win. That is, unless you have
the No Override or Block Inheritance set, as Simon wrote.

"Bob Feller" <BobFeller@discussions.microsoft.com> wrote in message
news:30BE5CA7-B675-483B-BF20-3E5785D9C82F@microsoft.com...
> So, if I have a separate group policy on each OU will they be enforced
> separately of each other??
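
The precedence rules described in this thread, as an added example that is not part of the original posts: a simplified Python model of OU-level processing only (parent first, closest OU wins, with No Override, Block Inheritance and security group filtering). The OU layout follows the Operations/Materials description above; the GPO names, the setting names and the placement of a Managers OU under Materials are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class GPO:
    name: str
    settings: dict
    no_override: bool = False          # "No Override" set on the link
    apply_to: frozenset = frozenset()  # security group filter; empty = all users

@dataclass
class OU:
    name: str
    gpos: list = field(default_factory=list)
    block_inheritance: bool = False

def effective_settings(ou_path, user_groups=frozenset()):
    """ou_path runs parent -> child -> grandchild; the user's own OU is last."""
    # Block Inheritance drops GPOs linked above the deepest blocking OU.
    first_kept = max((i for i, ou in enumerate(ou_path) if ou.block_inheritance), default=0)
    normal, forced = [], []
    for depth, ou in enumerate(ou_path):
        for gpo in ou.gpos:
            if gpo.apply_to and not (gpo.apply_to & set(user_groups)):
                continue               # user is not in a filtered-in group
            if gpo.no_override:
                forced.append(gpo)     # survives Block Inheritance
            elif depth >= first_kept:
                normal.append(gpo)
    result = {}
    # Parent GPOs are written first, so the OU closest to the user wins.
    # No Override GPOs are written afterwards, deepest first, so the highest wins.
    for gpo in normal + forced[::-1]:
        for key, value in gpo.settings.items():
            result[key] = (value, gpo.name)
    return result

def sample_path(no_override_parent=False, block_at_materials=False):
    # Constructed data: setting and GPO names are made up for this example.
    ops = OU("Operations", [GPO("Ops-Baseline", {"ScreenLockMin": 15, "ControlPanel": "hidden"},
                                no_override=no_override_parent)])
    mat = OU("Materials", [GPO("Materials-Desk", {"ScreenLockMin": 10})],
             block_inheritance=block_at_materials)
    mgr = OU("Managers", [GPO("Managers-Relaxed", {"ScreenLockMin": 30, "ControlPanel": "shown"})])
    return [ops, mat, mgr]

if __name__ == "__main__":
    for label, path in [("manager", sample_path()), ("materials staff", sample_path()[:2])]:
        print(label, effective_settings(path))
```

Each result maps a setting to its winning value and the GPO that supplied it, which makes it easy to see when a relaxed child-OU policy is overriding a parent baseline.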