This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Windows 2019 Server and GPO questions / Issue

Question
0

Sign in to vote

Hi,

I have an WK 2019 Server DC and want to create a GPO with following OUs

1) I have a OU1 with two Hosts 1 and 2

2) in the OU2 I have with three hosts 3 and 4 and 5

The GPO should be for Lock Screen. I have defined for both Ous a and 2 a GPO for Lock screen.

No I want to define a new GPO for ONLY host 3 in the same OU2.

How can I do tthat? Securtiy Filtering or a group?

What is here Leading?

Regards

Nick

Friday, July 17, 2020 12:01 PM

All replies

0

Sign in to vote

Hi,

It’s always best to use a security groups with GPO filtering even if you are only going applying it to a single user or computer.

You can refer to the following guide:

https://www.grouppolicy.biz/2010/05/how-to-apply-a-group-policy-object-to-individual-users-or-computer/

Best regards,
Leon

Blog: https://thesystemcenterblog.com LinkedIn:

Friday, July 17, 2020 12:27 PM
0

Sign in to vote
Using the wizard we can identify and GPO related issues against a user computer or a server. To run this tool following requirements need to be fulfilled.

1) Target should run windows xp operating system or newer
2) Target must be online and should be able to contact by from source without issue
3) Need administrative rights to target computer
4) WMI must be running on target and port 135 and 445 should be open

Let’s see how we can run this tool.

1) Log in to DC as domain admin or enterprise admin
2) Open server manager
3) Then go to tools > group policy management
4) Then expand the tree and go to group policy results
5) Right click on it and click group policy result wizard
6) Then it will open the wizard. Click next to continue
7) In next page select another computer option and click on brows to select the target computer
8) In next window it ask which user you need to check, select the user and click next
9) Then it gives the summary and click next to proceed
10) Then click finish to exit from the wizard
11) then we can see the result page from console
- Edited by Charles-L Friday, July 17, 2020 3:08 PM
Friday, July 17, 2020 12:40 PM
0

Sign in to vote

Hi Loen,

Thanks for your replay. Do you have read my questions? The Link you provided, tell only how I can define Group or users.

I have defined some OUs for my setting. If I understand you, you recommend to use Group Security Filtering.

Regards

Friday, July 17, 2020 1:47 PM
0

Sign in to vote

I am sorry, I know that, but it were not my question

Friday, July 17, 2020 1:48 PM
0

Sign in to vote

Hi Loen,

Thanks for your replay. Do you have read my questions? The Link you provided, tell only how I can define Group or users.

I have defined some OUs for my setting. If I understand you, you recommend to use Group Security Filtering.

Regards

Use security filtering which is targeted against a group which contains your server(s).
Blog: https://thesystemcenterblog.com LinkedIn:

Friday, July 17, 2020 3:03 PM
0

Sign in to vote
Hello Nick,

Thank you for posting here.

Q: Now I want to define a new GPO for ONLY host 3 in the same OU2.
How can I do that? Security Filtering or a group?
A:

1.We can create an GPO and link it to this OU2.

2.Edit the GPO.

3.Use “Security Filtering” to make host3 apply this GPO setting:

Step 1. Select the Group Policy Object in the Group Policy Management Console (GPMC) and the click on the “Delegation” tab and then click on the “Advanced” button.

Step 2. Select the “Authenticated Users” security group and then scroll down to the “Apply Group Policy” permission and un-tick the “Allow” security setting.
Note: That the “Allow” permission for “Read” still needs to remain ticked for “Authenticated Users”.

Step 3. Now click on the “Add” button and select the group (if we put host3 in a group) or host3 machine name that you want to have this policy apply.
Note: Make this group or host3 have “Read” and “Apply group policy” permissions.

This "Migration" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

"Migration" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Migration" forum's new home on Microsoft Q&A!
For more information, please refer to the sticky post.
- Edited by Daisy ZhouMicrosoft contingent staff Monday, July 20, 2020 10:27 AM
Monday, July 20, 2020 10:27 AM
0

Sign in to vote
Hi,
If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?
Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

"Migration" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Migration" forum's new home on Microsoft Q&A!
For more information, please refer to the sticky post.
- Edited by Daisy ZhouMicrosoft contingent staff Wednesday, July 22, 2020 5:13 AM
Wednesday, July 22, 2020 5:13 AM
0

Sign in to vote
Hi
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

"Migration" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Migration" forum's new home on Microsoft Q&A!
For more information, please refer to the sticky post.
- Edited by Daisy ZhouMicrosoft contingent staff Friday, July 24, 2020 5:27 AM
Friday, July 24, 2020 5:27 AM