Security Basics: Re: Applying Group Policies to selective OUs...

[Raoul Armfield <armfield () amnh org>]

Jim Gaudet wrote:
> The user object, or computer object have to live in the OU. I found it
> easier to just create a security group, instead of an OU. Then put the
> members in the group, either user of computer. Then on the GPO, remove
> the Authenticated Users group, and replace with the security group you
> just created. 
>
> Now the GPO will only be applied to this group.
That is funny, having tested this I found that this does not work.  You 
can not apply GPO to security groups or even if you could it becomes an 
administrative nightmare.  The whole point of OUs is to divide your 
organization into Organizational Units that you can apply policies to. 
What if someone needs to be part of an security group but does not need 
to have a certain policy applied to them or vice versa?

Raoul



--
Raoul Armfield
rarmfield at amnh dot org

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------