GPO Targeting Preference Issue with Users

    Question

  • We have been using Logon script. Now we want to map drives via gpo.

    I first create an OU (A). Inside that OU I create another 2 Test OUs (A1 and A2), then in them I create 2 test users respectively. In each of these 2 separate OUs, I create a Global security group and add those users into it.

     

    On my GPM, I created a single Group Policy and linked it to my OU (A). I have 2 separate mapped drives.

    I applied Target Group Policy Preference to those Security Groups.

    Now it all works fine, perfectly well with the filtering. Logged off and logged back in, drives are mapped accordingly.

    Now I want to make a test with one of my old users who used a logon script before, because I will soon roll out that policy on our domain.

    With that old user, I remove the default logon script on the AD user profile tab.

    Then I add the old user to one of my Security groups in either the A1 OU or A2 OU group. Run gpupdate/force on the server. Then sign in with that old user.

    Now, no drives are mapped with that old user.

    I have checked my default domain Policy that no script is enabled on logon, and even all other policies that have been implemented have no logon script enabled.

    If there is any configuration I still need to add..

     

    Very much appreciated for solution


    ----- bsl

    Thursday, January 15, 2015 3:01 AM

Answers

  • On 15.01.2015 at 04:01, 12BSL wrote:
    > Then I add the old user to one of my Security groups in either the A1
    > OU or A2 OU group. Run gpupdate/force on the server. Then sign in with
    > that old user.
     
    GPOs do not apply to groups, but to users/computers. The USER must
    reside in A1 OU or A2 OU, not the group.
     
     

    Martin

    Want to read a GOOD book about GPOs?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Thursday, January 15, 2015 10:42 AM
  • Thank you all for your contribution.

    From now, it's working now.

    I will get back to the list if any issue arises.

    I am re-creating all of our Business Organizational OU structure.

    Thanks again

    Rgds


    ----- bsl

    Monday, January 26, 2015 5:09 AM
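
The two conditions discussed in this thread (the GPO must be linked above the user object, and the user must be in the group used for item-level targeting) can be checked together. The following is an added example, not code from any poster; the account, GPO and group names are hypothetical placeholders, and it assumes the ActiveDirectory and GroupPolicy RSAT modules are installed.

```powershell
# Added example; the three values below are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$SamAccountName = 'olduser'       # account that gets no mapped drives
$GpoName        = 'Map Drives'    # display name of the drive-mapping GPO
$TargetGroup    = 'A1-DriveMap'   # group used in item-level targeting

function Get-GpoTarget {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Strip leading RDNs until an OU or the domain root is reached.
    # CN= containers (e.g. CN=Users) cannot carry GPO links, so skip them.
    # The pattern steps over commas escaped as "\," inside an RDN.
    $dn = $DistinguishedName
    do { $dn = $dn -replace '^(?:\\.|[^,\\])+,', '' } while ($dn -match '^CN=')
    $dn
}

$user   = Get-ADUser -Identity $SamAccountName
$target = Get-GpoTarget -DistinguishedName $user.DistinguishedName

# Check 1 (scope): is the GPO linked, and enabled, at or above the place
# where the USER object lives? Where the group object lives is irrelevant.
$links   = (Get-GPInheritance -Target $target).InheritedGpoLinks
$inScope = [bool]($links | Where-Object { $_.DisplayName -eq $GpoName -and $_.Enabled })

# Check 2 (filter): is the user a direct or nested member of the group
# named in the drive item's targeting? This only matters if check 1 passes.
$members = Get-ADGroupMember -Identity $TargetGroup -Recursive
$inGroup = [bool]($members | Where-Object { $_.SID.Value -eq $user.SID.Value })

[pscustomobject]@{
    User              = $user.SamAccountName
    UserContainer     = $target
    GpoInScope        = $inScope
    InTargetGroup     = $inGroup
    BothConditionsMet = $inScope -and $inGroup
}
```

This does not evaluate the GPO's security filtering or WMI filters; `gpresult /r` run as the affected user shows the final applied and denied lists.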

All replies

  • Can you help to narrow down the issue? Take gpresult of the old user and post here.

    Also check if there is any conflict, with regards to any other security groups


    Regards, Prabhu

    Thursday, January 15, 2015 5:39 AM
  • Thank you.

    The user is not in that OU. It is an old user who always logged into our network before.

    I created a security group inside that test OU (A1 OU) then add the old user into that security group.
    That security group is in the A1 OU.

    The GPO was linked to that A1 OU, and I applied the targeting preference to the Security group (via the Common tab in the new map drive window) which was created in the A1 OU.

    When logged on with that old user, drives cannot be mapped.

    hope that clarifies..

    appreciate

    ----- bsl

    Sunday, January 18, 2015 11:44 PM
  • > The user is not in that OU, It is an old user who always logged into our
    > network before.
     
    My post was not a question, so "no need for clarification". Read again:
    GPOs do NOT apply to groups, but to users (and computers). And the user
    MUST be in the OU the GPO is linked to.
     
     

    Martin

    Want to read a GOOD book about GPOs?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Monday, January 19, 2015 9:24 AM
  • Thanks Martin,

    I got your idea, that GPOs do not apply to groups but to users and computers.

    My point of view here is the Targeting Preference which applies to Security Group. Ref to this link:

    http://blogs.technet.com/b/askds/archive/2011/06/13/target-group-policy-preferences-by-container-not-but-group.aspx.

    Regards


    ----- bsl


    • Edited by 12BSL Monday, January 19, 2015 9:00 PM
    Monday, January 19, 2015 8:32 PM
  • Thanks Prabhu.

    Old users were using a logon script. I have disabled the old user logon script from its profile tab, since the logon scripts are not enabled on GPO but via a NETLOGON script.

    Gpresult on both users is the same except that the new user was included with the new mapped GPO.

    For the Security group, I am using a Target Group Policy Preference to Security Groups. See this article:

    http://blogs.technet.com/b/askds/archive/2011/06/13/target-group-policy-preferences-by-container-not-but-group.aspx.

    Rgds


    ----- bsl

    Monday, January 19, 2015 8:44 PM