Home page logo
/

basics logo Security Basics mailing list archives

Re: Applying Group Policies to selective OUs...
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 03 Jan 2006 21:24:06 +0000

On Thu, 2005-12-29 at 14:04 -0500, Raoul Armfield wrote:
<snip>
That is funny, having tested this I found that this does not work.

Yes it does. Did you check the documentation available ?

  You 
can not apply GPO to security groups or even if you could it becomes an 
administrative nightmare.  The whole point of OUs is to divide your 
organization into Organizational Units that you can apply policies to. 
What if someone needs to be part of an security group but does not need 
to have a certain policy applied to them or vice versa?

Like you say it's not always good idea and it is to be avoided when a
better solution exists. However, it *is* possible and it is a technique
that MS document. (it's also part of the curriculum for the 2003 MCP
exams)

http://www.google.co.uk/search?&q=filter+gpo+security+group
http://tinyurl.com/7snkl

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/a2ae66ed-2bd0-47e3-9a77-6677af514b17.mspx
http://tinyurl.com/7e464

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html
http://tinyurl.com/8fpjw


-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]