Fourteen
Aug 15, 2002

No, no, no you imbecile! That's not talc, that's paprika!
GP is some incredibly powerful stuff when you really get into it. People can rip on MS for a lot (and deservedly so), but GP deserves their utmost praise. You guys should check out the Jeremy Moskowitz books if you want to read more (Amazon search - the 2 new 2008 books are 1 and 2 on this page). Moskowitz really knows his stuff. If I could get my company to pay for it, I'd attend one of his workshops.

Fourteen
Aug 15, 2002

No, no, no you imbecile! That's not talc, that's paprika!

Ixian posted:

Being new to this I'm having trouble figuring out how to separate computers into separate groups and apply different GPO's to each - which I assume is a pretty basic function.

I have a single top level domain in a small office (40 workstations, 30 servers, 4 or 5 printers). OS's are a mix of 2003 Server, XP SP3, and Vista business with two new 2008 servers we are testing. The two AD controllers are 2k3R2.

I want to be able to set it up so that, for example, all the workstations have one firewall policy enforced, and servers another.

I'd also like to be able to apply policies based on group membership. The problem I have is I think the default AD structure is laid out too simple. I have an OU called Accounts, then all users under that, and then security groups breaking out the users depending on department. For machines I have the default computer OU and have made two security groups, Workstations and Servers, for each type. Using Vista and the tools suggested here I cannot for the life of me figure out how to create GPO's that only apply to those security groups. Any GPO I create, such as the one I did for my WSUS server, is domain-wide.

I suspect I'm doing something fundamentally wrong so if anyone has any pointers they'd be much appreciated.

Use the Security Filtering part of your GPO to get GPO's to apply to security groups. Check out the screenshot on this page. Security Filtering is in the lower right quadrant of the GPMC console when you're looking at a GPO. If your GPO is affecting Computer settings, put your security group with your computers in there; if it's User settings, put a security group with users in there. Remove Authenticated Users, too.

Filtering GPO's based on security groups can really help you flatten out and uncomplicate an AD structure since you can eliminate OU's if the only reason they exist is to separate objects for Group Policy purposes.
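
The Security Filtering change described in the reply above can also be scripted. The following is an added example, not part of the original thread: it assumes a management workstation with the GroupPolicy PowerShell module available, uses the Workstations and Servers groups from the question, and uses hypothetical GPO names. As a choice made in this example, Authenticated Users is reduced to Read instead of being removed outright, so computer accounts can still read the GPO while only the named group applies it.

```powershell
# Added example. GPO names are hypothetical placeholders; the group names
# "Workstations" and "Servers" come from the question in the thread.
Import-Module GroupPolicy

function Set-GpoSecurityFilter {
    param(
        [Parameter(Mandatory = $true)] [string] $GpoName,
        [Parameter(Mandatory = $true)] [string] $GroupName
    )

    # Give the target security group Read + Apply Group Policy on the GPO.
    Set-GPPermission -Name $GpoName -TargetName $GroupName `
        -TargetType Group -PermissionLevel GpoApply | Out-Null

    # Drop Authenticated Users from Apply to Read only. -Replace is required:
    # without it an existing higher permission level is left unchanged.
    Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
        -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

    # Return every trustee that can still apply this GPO, for review.
    Get-GPPermission -Name $GpoName -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        Select-Object @{ Name = 'Gpo';     Expression = { $GpoName } },
                      @{ Name = 'Trustee'; Expression = { $_.Trustee.Name } },
                      Permission
}

# Scenario from the question: one firewall policy per machine type.
$filters = @{
    'Workstation Firewall Policy' = 'Workstations'   # hypothetical GPO name
    'Server Firewall Policy'      = 'Servers'        # hypothetical GPO name
}

$report = foreach ($gpo in $filters.Keys) {
    Set-GpoSecurityFilter -GpoName $gpo -GroupName $filters[$gpo]
}

# Flag any GPO where a trustee other than the intended group can still apply it.
$report | Where-Object { $_.Trustee -ne $filters[$_.Gpo] } |
    ForEach-Object { Write-Warning "$($_.Gpo): unexpected Apply for $($_.Trustee)" }

$report | Format-Table -AutoSize
```

Group membership is evaluated when the computer starts, so a machine added to Workstations or Servers picks up the filtered GPO only after a reboot.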
