|
-
July 7th, 2008, 08:53 PM
#11
Hey, still nothing so far. We tried recreating it from scratch, maybe something was missing, but that didn't work either. I just wish there was a more verbose log somewhere showing exactly what's happening with the policy application. Everything works fine if we move the computers to the Test OU, but without them in there, it refuses to apply our GPO. We're playing with different permissions right now as well, maybe we missed something there.
I'll let you know if we figure anything out.
Thanks for the help!
Dave
Alcohol & calculus don't mix. Never drink & derive.
-
July 7th, 2008, 09:37 PM
#12
Alright, keep me posted because I'll undoubtedly run into this issue someday and I'd like to understand exactly what's going on.
The one thing I was thinking is this. Use your Default Domain Policy for all other systems. Then use the Block Inheritance option on your "Test" OU. And link the GPO you created to "Test" OU. This should at least separate the two policies.
Just make sure that your Default Domain Policy is not enforced, as I'm fairly sure that will override any Block Inheritance options.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
July 7th, 2008, 09:50 PM
#13
We just talked with our windows administrator, he doesn't think it works the way we're trying to do it. He says the safest way is to just create a sub-OU under the main container where the computers sit, and apply the GPO there. That way the GPO's move down from higher levels, and the sub-ou adds to them. (The sub-ou gpo will have highest priority, then the OU above it, etc all the way up to the default domain gpo.)
This is what our windows admin does, so maybe that's the only way to get it working. I figured it would be possible to apply GPO's to a group in one OU to affect computers in a higher OU, but maybe it's simply not possible after all. Maybe this is because of possible complications, what if the computer is part of multiple groups in multiple OU's, it would make figuring out the effective GPO setting a lot more complicated.
So as of now, I will stop working on the group thing, I'll fall back to the sub-ou solution for now. Unfortunately I just don't have that much time left to play around. Hopefully I can get a test box setup and home and I can play with it on my own time.
Anyways, thanks for the help ShagDevil, I really appreciate it!
Dave
Alcohol & calculus don't mix. Never drink & derive.
Similar Threads
-
By cream47 in forum Tech Humor
Replies: 3
Last Post: November 27th, 2004, 01:05 PM
-
By w0lverine in forum Other Tutorials Forum
Replies: 2
Last Post: December 29th, 2003, 11:23 PM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By -DaRK-RaiDeR- in forum Newbie Security Questions
Replies: 9
Last Post: December 14th, 2002, 08:38 PM
-
Replies: 1
Last Post: July 15th, 2002, 03:46 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
