Multiple GPO's

By bleslie

We are currently using group policy for some very basic policy settings, like password policies, remote desktop, and removing features like MSN.

We are starting to deploy Outlook and Windows Update policies that we don't want to go to everyone (servers and a few XP Pro machines.)

Everything is under one domain and I quickly found out that using one GPO for all settings isn't going to work if I want some users to get all the policies and some users to get half of them.

I then created two more GPOs on top of the default domain policy. I created an "outlook" and "wsus" GPO and set only relevant rules for those policies. I figured I could apply the default policy to everyone, which includes policies for passwords etc., and apply specific users/groups/machines to the other two policies as needed.

Basically I don't want our server to get WSUS updates along with a few XP machines, and I want to slowly add users to the Outlook policies and leave some out of it.

To me it seems like only the default GPO is being applied and the other two are being ignored or overruled.

How do I set up group policy so everybody gets some rules (read: default policy) and some people get all (read: outlook, wsus and default policies)?

I've looked everywhere and nothing seems to address my specific question, so I apologize if this has been covered before, and I hope I've been able to explain my situation and needs clearly enough.

Ben Leslie


All Answers


Block Inheritance

by ian.hutty In reply to Multiple GPO's

You need to move things you don't want the overall setting imposed on to another OU, and on this OU set the 'block inheritance' setting.


More OU's!

by scott_heath In reply to Multiple GPO's

Create different OUs (Containers) and put your objects in them. For my production domain I have a POS Computers OU and a POS Users OU. Under each OU I create another OU for specific divisions. There is the default domain policy, but then unique policies are applied at the POS Computers and POS Users level that should apply to everyone as well. Then other specific policies are applied at a division level, like our screen saver being unique for different stores.

I hope that helps some. If you have questions let me know.


Scott I believe has the right suggestion

by CG IT In reply to More OU's!

more OUs in which you collect those you want the GPO you apply to the OU to get.
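
The OU-based scoping the answers describe, written out in PowerShell as an added example (not posted by anyone in the thread). The domain DN, the OU names and the computer name are assumptions; "wsus" and "outlook" are the GPO names from the question, assumed to exist already and not to be linked at the domain root.

```powershell
# Requires the RSAT GroupPolicy and ActiveDirectory modules.
Import-Module GroupPolicy, ActiveDirectory

# Assumed names: replace with your own domain DN and OU names.
$domainDn   = 'DC=example,DC=com'
$computerOu = "OU=WSUS Clients,$domainDn"    # workstations that should update from WSUS
$userOu     = "OU=Outlook Pilot,$domainDn"   # users being moved onto the Outlook policy

function Add-GpoLinkIfMissing {
    param([string]$GpoName, [string]$Target)
    # New-GPLink throws if the link already exists, so check the OU's direct links first.
    $linked = (Get-GPInheritance -Target $Target).GpoLinks |
        Where-Object DisplayName -eq $GpoName
    if (-not $linked) {
        New-GPLink -Name $GpoName -Target $Target -LinkEnabled Yes | Out-Null
    }
}

# 1. Create the OUs that define who is in scope.
foreach ($ou in 'WSUS Clients', 'Outlook Pilot') {
    $found = Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDn -SearchScope OneLevel
    if (-not $found) { New-ADOrganizationalUnit -Name $ou -Path $domainDn }
}

# 2. Link each GPO only where it should apply. The Default Domain Policy stays
#    linked at the domain, so both OUs still inherit it. Windows Update client
#    settings are computer-side policy; Outlook template settings are typically user-side.
Add-GpoLinkIfMissing -GpoName 'wsus'    -Target $computerOu
Add-GpoLinkIfMissing -GpoName 'outlook' -Target $userOu

# 3. Opt machines in by moving them (constructed computer name). Servers and the
#    excluded XP machines stay where they are and never see the 'wsus' link.
Get-ADComputer -Identity 'PC-PILOT-01' | Move-ADObject -TargetPath $computerOu

# 4. Verify: list the effective GPO order for the domain and for each OU.
foreach ($target in $domainDn, $computerOu, $userOu) {
    $inh = Get-GPInheritance -Target $target
    Write-Host ("{0} (inheritance blocked: {1})" -f $target, $inh.GpoInheritanceBlocked)
    $inh.InheritedGpoLinks | Select-Object Order, DisplayName, Enforced, Target | Format-Table -AutoSize
}
```

Block Inheritance (`Set-GPInheritance -Target <OU> -IsBlocked Yes`) is the alternative from the first answer, but it drops every non-enforced link from above, including the Default Domain Policy unless that link is enforced. Run `gpresult /r` on a client after `gpupdate` to confirm which GPOs it actually applied.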
