Attempting to apply policy to certain pc's

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hello All,
I have a Win 2K adv server. Working on setting up GPO to secure pc's that
connect to the domain.

I added a new OU to my AD users & computers entry called Desktop Lockdown
Next I added the group "lockdown pc" to the OU this group has all the pc's
defined that I want locked down.
When I make a policy setting change to the OU any pc that logs in to the
domain has the change applied, I thought the changes would only be applied
to the pc's that are defined in the group that I have in the OU.

Example
PC1 & PC2 log in to the domain
PC1 is in the group "lockdown pc" which is in the OU "Desktop Lockdown"
PC2 is not in the group "lockdown pc"
I change a policy setting to test "User Config","Windows Setting", "Internet
Explorer","Browser User Interface", "Browser Title" the browser tiltle
change happens everywhere instead of the pc that is in the OU

Could someone point me in the correct direction?
Any ideas are appreciated.

MMJII

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Sounds like a couple of issues are happening.
Firts, GPOs apply to OUS not groups. Movethe computer objects (laptops) into
the UO.
Second, open the GPMC (you can download it from MS if needed) and check
where the GPO is linked. I would guess you created a linked policy at the
root of the domain or a higher OU and then relinked it to the Lockdown OU.
Thats why it effects all.

Alternately, go to the properties of the GPO and change the apply and read
group policy rights so that only the lockdown laptop group is defined. This
will also work, but is not reccommended.



--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master

The pen is mightier than the sword, and considerably easier to write with.
-- Marty Feldman
"MMJII" <MMJII@microsoft.com> wrote in message
news:%23hRZeBvkFHA.3692@TK2MSFTNGP09.phx.gbl...
> Hello All,
> I have a Win 2K adv server. Working on setting up GPO to secure pc's that
> connect to the domain.
>
> I added a new OU to my AD users & computers entry called Desktop Lockdown
> Next I added the group "lockdown pc" to the OU this group has all the pc's
> defined that I want locked down.
> When I make a policy setting change to the OU any pc that logs in to the
> domain has the change applied, I thought the changes would only be applied
> to the pc's that are defined in the group that I have in the OU.
>
> Example
> PC1 & PC2 log in to the domain
> PC1 is in the group "lockdown pc" which is in the OU "Desktop Lockdown"
> PC2 is not in the group "lockdown pc"
> I change a policy setting to test "User Config","Windows Setting",
> "Internet
> Explorer","Browser User Interface", "Browser Title" the browser tiltle
> change happens everywhere instead of the pc that is in the OU
>
> Could someone point me in the correct direction?
> Any ideas are appreciated.
>
> MMJII
>
>