4

I've created a test domain with 2 VM's to experiment and try to gain some knowledge using Server 2008 (+GPO's, OU's, ADUC etc) however I've become a little stuck.

I've created an OU called User Policies and linked a GPO within that OU called Menu Lock Down. The idea to is simply create a 'test' OU that locks down the Start menu so the users within that OU cannot use various options like Run and Network settings.

This is where I've become stuck. I've created a Security Group within User Policies (Via ADUC) and added a few users to the group (Guest) but for whatever reason, the policies of that group won't apply to the relevant users. They only apply to users when the users themselves are in the OU via ADUC.

My question is this, is there a way to link a security group to an OU so that if I want a new user to have the same restricted access to the Start menu, I just have to add that user to the security group?

Ward - Trying Codidact
  • 12,899
  • 28
  • 46
  • 59
obious
  • 181
  • 3

1 Answers1

3

You can't apply Group Policies directly to Security Groups. You can filter on a Security Group, but not apply to one.

So what you are seeing is normal behavior. In order for a user to get the policy that you are applying (in your current configuration), their User object would need to be in the User Policies OU.

However, if you want to set it up so that only users in the group get those settings, you could link that policy at the Domain level. You can then use Security Filtering to remove the default Authenticated Users, and add in the group you created.

This will make it so that your policy will apply to any user object in your domain, but only ones that are within the group you setup.

HostBits
  • 11,796
  • 1
  • 25
  • 39