General discussion

Locked

Applying Group Policy to Admin Groups

By a.grogan ·
Hi, I need to make a specific Group policy apply to a set of computers that when a domain admin (e.g. any one in the following groups: Domain Admins, Enterprise Admins, Schema Admins) it take effect.

I currently have an OU with all of my servers in, that I have configured a GPO object (Called Servers Policy) with the selected groups configured to have the policy apply to them when they logon.

The problem is the policy does not work - no admin is picking up the settings.

I have blocked policy inheritance, and set no override - I have also enabled loopback in replace mode, but to no avail.

Can anyone help?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by ewgny In reply to Applying Group Policy to ...

Group Policy can only be applied to users or computers not groups. What is it you are trying to acomplish? Using computer configuration in the server OU you can control who can log on with user right assignment, The computer configuration half of the group policy has pretty granular control of those that you allow to log on.

Collapse -

by a.grogan In reply to

Thanks, but you can apply GPO to groups (by placing your groups in an OU and applying a policy to the OU).

Collapse -

by br In reply to Applying Group Policy to ...

You wil have to create a GPO on the Servers OU.
Then you?ll have to grant read and apply rights to the admin groups (group policy filtering) and enable loopback processing (loopback processing).

Collapse -

by a.grogan In reply to

Thanks, I found that (just before reading your comment) that setting the GPO loopback to replace (rather than merge) and adding Authenticated users to the GPO made the whole thing work!

Collapse -

by a.grogan In reply to Applying Group Policy to ...

This question was closed by the author

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Forums