locked
cross forest computer policy RRS feed

  • Question

  • Hi all,

              I am trying to apply the computer group policy created in domain1 forest to the other domain in the other forest. The two forests are in trust relationship ( Two Way forest trust). I have searched about how to do it but found that we can only apply the user policy of one forest to another forest but not the computer group policy.

    is there any way to apply the computer group policy created in the domain of one forest to the domain of another forest ?

    Please help me.

    Thanks,

    Vishwajeet.

    Wednesday, January 9, 2013 6:06 AM

Answers

  • Hi,

         I found the workaround for applying the computer based policy of one domain to another domain.

         we just need to export the group policy of one domain and import the exported group policy to another domain.

        And update the group policy of the client machine. The group policy will be applied the client computer.

    • Proposed as answer by Gaurav_Ranjan Friday, January 11, 2013 4:33 AM
    • Marked as answer by Cicely Feng Thursday, January 17, 2013 1:22 AM
    Thursday, January 10, 2013 11:11 AM
  • I would not recomend that ;best create a new GPO  with same settings for other domain/forest.

    However, see ----->Computer Configuration/Administrative Templates/System/Group Policy/Allow Cross- forest user policy

    Check the below link

    http://support.microsoft.com/kb/823862

     

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    • Marked as answer by Cicely Feng Thursday, January 17, 2013 1:22 AM
    Wednesday, January 9, 2013 6:57 AM
  •  
    > I know I can import the GPOs from one domain to another with the same
    > settings. But what I am trying to do link a GPO (Computer based) of
    > one domain to another domain so that I will not have the need to
    > create or import the GPO from one domain to another.
     
    You cannot. Computers cannot leave their forest for policy processing.
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Marked as answer by Cicely Feng Thursday, January 17, 2013 1:22 AM
    Wednesday, January 9, 2013 2:36 PM

All replies

  • I would not recomend that ;best create a new GPO  with same settings for other domain/forest.

    However, see ----->Computer Configuration/Administrative Templates/System/Group Policy/Allow Cross- forest user policy

    Check the below link

    http://support.microsoft.com/kb/823862

     

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    • Marked as answer by Cicely Feng Thursday, January 17, 2013 1:22 AM
    Wednesday, January 9, 2013 6:57 AM
  • Thanks for your response.

    But the scheme you have mentioned is for the user policies only. What if the group policies getting applied are computer policies.

    I know I can import the GPOs from one domain to another with the same settings. But what I am trying to do link a GPO (Computer based) of one domain to another domain so that I will not have the need to create or import the GPO from one domain to another.

    Wednesday, January 9, 2013 7:43 AM
  •  
    > I know I can import the GPOs from one domain to another with the same
    > settings. But what I am trying to do link a GPO (Computer based) of
    > one domain to another domain so that I will not have the need to
    > create or import the GPO from one domain to another.
     
    You cannot. Computers cannot leave their forest for policy processing.
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Marked as answer by Cicely Feng Thursday, January 17, 2013 1:22 AM
    Wednesday, January 9, 2013 2:36 PM
  • Hi,

         I found the workaround for applying the computer based policy of one domain to another domain.

         we just need to export the group policy of one domain and import the exported group policy to another domain.

        And update the group policy of the client machine. The group policy will be applied the client computer.

    • Proposed as answer by Gaurav_Ranjan Friday, January 11, 2013 4:33 AM
    • Marked as answer by Cicely Feng Thursday, January 17, 2013 1:22 AM
    Thursday, January 10, 2013 11:11 AM