none
GPOs application for all users/distinct computers

    Question

  • Dear all,

    I have the following situation:

    - One OU COMPUTERS which contains only computers C1, C2, C3, C4

    - One OU USERS which contains only users U1, U2, U3

    I have 2 GPOs G1, G2 that make change on computer and user configuration.

    I would like to apply :

    - G1 for all the users (U1 to U3) and computers C1, C2 only

    - G2 for all the users (U1 to U3) and computers C3, C4 only

    I tried to apply the GPO on both OU and to filter (security filtering) on groups:

    - GRP_G1 in which I added C1 and C2

    - GRP_G2 in which I added C3 and C4

    However, G1 and G2 are not applied : reason denied : empty.

    What is the solution?

    Thanks in advance.


    Wednesday, March 25, 2015 8:06 AM

Answers

  • Hi Yann,

    Settings within a GPO will only apply to objects within the OU.

    In your case, there is no user object in OU1, then no user will apply any user settings configured in any GPOs of OU1, the same goes with computer object.

    To better configure this, please place users and computers into the same OU when you want configure both user and computer configuration settings on single GPO. After that, remove authenticated users group, add necessary groups/objects to perform security filtering.

    You can also separate users and computers into different OUs when you intend to create multiple GPOs and only configure user or computer configuration setting based on the objects contained in the OU.

    In addition, edit settings within the GPO to ensure that contents are not empty.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 26, 2015 3:20 AM
    Moderator