Home page logo

basics logo Security Basics mailing list archives

Re: Applying Group Policies to selective OUs...
From: Raoul Armfield <armfield () amnh org>
Date: Thu, 29 Dec 2005 14:04:38 -0500

Jim Gaudet wrote:
The user object, or computer object have to live in the OU. I found it
easier to just create a security group, instead of an OU. Then put the
members in the group, either user of computer. Then on the GPO, remove
the Authenticated Users group, and replace with the security group you
just created.
Now the GPO will only be applied to this group.

That is funny, having tested this I found that this does not work. You can not apply GPO to security groups or even if you could it becomes an administrative nightmare. The whole point of OUs is to divide your organization into Organizational Units that you can apply policies to. What if someone needs to be part of an security group but does not need to have a certain policy applied to them or vice versa?


Raoul Armfield
rarmfield at amnh dot org

The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]