GPO issues....

Group Policy cannot be applied to Groups at all. Only users objects and computer objects.
You can filter on groups with permissions, but the GPO itself cannot be applied to a group object.

I didn't notice your mention of groups in your PM - sorry.

You're trying to apply group policy to a security group and have it inherited to the members of the group? Even though the name says "group policy" it has nothing to do with groups. You need to place the users in the OU or link the GPO to the OU that the users reside in to apply the GPO.

GPO can be applied to Sites, Domains' and Organizational Units, not to groups, and not inherited through a group like permissions.

Okay thanks. Thats strange that is had the desired results at first. dang I think I need to go back to the books on GPO's.

GPO setting will remain on the local computer (in the regristy) until there is another GPO applied to remove them. This sometimes can result in erradic results when appling GPO's to users because if a user with no GPOs applied to their account logs onto a computer where someone else has logged on with a GPO that removes the "run" option from the start menu, the user with no GPO applied will not have the run option either, because that policy is still enforced in the local registry.

hmmm.....Interesting

Derek, is there anything you don't know? Thanks again.

shednik

Netstudent wrote:

hmmm.....Interesting

Derek, is there anything you don't know? Thanks again.

I know seriously dt

Microsoft claims that as long as the policies you set are stored in one of four approved registry locations they are not persistent, in that when you remove the GPO that applied the policy, they revert to a default state. These are called true policy settings, as opposed to preferences. The locations are:

HKEY_LOCAL_MACHINE\SOFTWARE\policies (preferred location)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\policies (preferred location)
HKEY_ CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

They also claim that everything displayed in the GPMC under Administrative Templates are true policy settings, however I have not seen this to be entirely true, especially with regard to IE settings.

Sprkymrk is your resident expert in all things Microsoft, I just thrown in my 2 cents when I know the answer

Other than that I shut up and watch.

dtlokee wrote:

Sprkymrk is your resident expert in all things Microsoft, I just thrown in my 2 cents when I know the answer Other than that I shut up and watch.

.

I take all the help I can get, heaven knows I need it. I've been wrong many times. Please chime in whenever you feel like it. I learn new stuff every day around here. Nice to see the Cisco guys over here once in while anyway.

shednik

Like you said mark MS kinda grows on you like a fungus

but i still like cisco better

I appreciate the input guys.

dynamik

sprkymrk wrote:

I learn new stuff every day around here.

This is really what drives me to be so active here. I handle the IT-responsibilities for a small business with just under 30 employees. I only apply a small percentage of what I've learned on a daily basis, and I'm afraid that I will slowly lose the rest of that knowledge over time. Participating in more complex discussions on this site makes me feel like I am in a larger enterprise environment and helps solidify what I've learned.

dynamik wrote:

sprkymrk wrote:

I learn new stuff every day around here.

This is really what drives me to be so active here. I handle the IT-responsibilities for a small business with just under 30 employees. I only apply a small percentage of what I've learned on a daily basis, and I'm afraid that I will slowly lose the rest of that knowledge over time. Participating in more complex discussions on this site makes me feel like I am in a larger enterprise environment and helps solidify what I've learned.

I agree. It's like playing tennis, you only get better playing with people who are above your skill level

shednik wrote:

Like you said mark MS kinda grows on you like a fungus but i still like cisco better

I like MS, Linux, and Cisco. On any given day my order of preference varies.

Mishra

dynamik wrote:

sprkymrk wrote:

I learn new stuff every day around here.

This is really what drives me to be so active here. I handle the IT-responsibilities for a small business with just under 30 employees. I only apply a small percentage of what I've learned on a daily basis, and I'm afraid that I will slowly lose the rest of that knowledge over time. Participating in more complex discussions on this site makes me feel like I am in a larger enterprise environment and helps solidify what I've learned.

Or you are just a giant nerd.

I'm pretty sure most of the people who try to help others do it to help them stay on top of the game.

I enjoy MS Linux and Cisco as well... Now we just need people asking Linux questions more often as I'm pretty good with it too but I can't manage it in my new job so those skills will fade away over time.

dynamik

Mishra wrote:

Or you are just a giant nerd.

Actually, I have no friends and really low self-esteem. I just participate to obtain some low level of validation.

<- Psych Major

dynamik wrote:

Mishra wrote:

Or you are just a giant nerd.

Actually, I have no friends and really low self-esteem. I just participate to obtain some low level of validation.

<- Psych Major

In that case I would start looking for a tall building...

paintb4707

dtlokee wrote:

You're trying to apply group policy to a security group and have it inherited to the members of the group? Even though the name says "group policy" it has nothing to do with groups. You need to place the users in the OU or link the GPO to the OU that the users reside in to apply the GPO.

GPO can be applied to Sites, Domains' and Organizational Units, not to groups, and not inherited through a group like permissions.

Are you sure? I created a group policy that applies to a security group of users and computers. The GPO is linked to the root domain and no OU in particular. The GPO has applied for everyone.

I've also done it in a test environment and proved that it did work.

paintb4707 wrote:

dtlokee wrote:

You're trying to apply group policy to a security group and have it inherited to the members of the group? Even though the name says "group policy" it has nothing to do with groups. You need to place the users in the OU or link the GPO to the OU that the users reside in to apply the GPO.

GPO can be applied to Sites, Domains' and Organizational Units, not to groups, and not inherited through a group like permissions.

Are you sure? I created a group policy that applies to a security group of users and computers. The GPO is linked to the root domain and no OU in particular. The GPO has applied for everyone.

I've also done it in a test environment and proved that it did work.

Your GPO is being applied to users and computers because you have applied the GPO to the domain. It is not being specifically applied to groups.

Try this: Create a test GPO that does something obvious, like change the wallpaper or something. Then create a test OU, call it whatever you like, say "WPTest" or something. Now, place ONLY groups in that OU. You'll see that when you log in as a member of that group, it won't change the wallpaper. Add a USER to that OU, log in as that user, and voila, wallpaper!