Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Server 2012 R2 group policy update question


  • Please log in to reply
4 replies to this topic

#1 jrobe29131

jrobe29131

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 13 June 2017 - 09:25 PM

This should be a simple one :)

 

I have a domain with one client computer connected to it. On the server I have two OU's: Alpha and Bravo. Each OU has several user profiles inside. 

 

I want to apply a simple group policy object (wallpaper change) that only applies to the users in Bravo OU. In group policy manangement when I click on group policy update it says " No computer objects could be found in this OU"  

 

What do I need to do? 



BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,085 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:31 AM

Posted 13 June 2017 - 10:52 PM

This should be a simple one :)

 

I have a domain with one client computer connected to it. On the server I have two OU's: Alpha and Bravo. Each OU has several user profiles inside. 

 

I want to apply a simple group policy object (wallpaper change) that only applies to the users in Bravo OU. In group policy manangement when I click on group policy update it says " No computer objects could be found in this OU"  

 

What do I need to do? 

When ever you work with GPO's mate always create a Group in active directory. Then add the PC's to that group so create a group called WallpaperPCs and make it a distribution group. Then add the PC and then when creating the GPO assign the WallpaperPc group to be the one that gets applied (Undr common tab, them item level targeting, select security group, then select the group).

 

Then if you have this under the User_Config in the GPO, type gpupdate /target:user to apply the policy.

If you are applying this to the Computer then gpupdate /force then restart



#3 jrobe29131

jrobe29131
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 15 June 2017 - 04:42 PM

Where do I find the common tab and item level targeting.

 

 

I have the wallpaper GPO linked to the organizational unit that the distribution group is in. I moved the computer into the group and did gpupdate but the policy has only taken effect on some of the users in that OU.

 

This should be a simple one :)

 

I have a domain with one client computer connected to it. On the server I have two OU's: Alpha and Bravo. Each OU has several user profiles inside. 

 

I want to apply a simple group policy object (wallpaper change) that only applies to the users in Bravo OU. In group policy manangement when I click on group policy update it says " No computer objects could be found in this OU"  

 

What do I need to do? 

When ever you work with GPO's mate always create a Group in active directory. Then add the PC's to that group so create a group called WallpaperPCs and make it a distribution group. Then add the PC and then when creating the GPO assign the WallpaperPc group to be the one that gets applied (Undr common tab, them item level targeting, select security group, then select the group).

 

Then if you have this under the User_Config in the GPO, type gpupdate /target:user to apply the policy.

If you are applying this to the Computer then gpupdate /force then restart

 



#4 sflatechguy

sflatechguy

  • BC Advisor
  • 2,071 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 PM

Posted 18 June 2017 - 08:57 AM

@JohnnyJammer "so create a group called WallpaperPCs and make it a distribution group."

I think you meant to say security group. You can't use distribution groups to scope or apply group policies.

 

Also, thanks to recent changes, if you are going to scope a GPO to a security group, you still need to ensure that Authenticed Users have at least Read access to the GPO, or the group policy won't be applied. This will include all computers, as computers are also considered "users". We learned this the hard way when Microsoft pushed out an update and the new GP security settings played hell with our folder redirection.



#5 jrobe29131

jrobe29131
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:31 PM

Posted 21 June 2017 - 11:17 AM

I just solved it. 

 

To do that I created a new OU called "Units" and put the Client computer in it. Inside that OU I created two new OU's, Alpha and Bravo with a group called bravo group for users in the Bravo OU.. 

I created a new GPO that applies to "Units"  used the GPO settings to only apply to Bravo and it works. 

 

Thanks sflatechguy and Johnny

 

@JohnnyJammer "so create a group called WallpaperPCs and make it a distribution group."

I think you meant to say security group. You can't use distribution groups to scope or apply group policies.

 

Also, thanks to recent changes, if you are going to scope a GPO to a security group, you still need to ensure that Authenticed Users have at least Read access to the GPO, or the group policy won't be applied. This will include all computers, as computers are also considered "users". We learned this the hard way when Microsoft pushed out an update and the new GP security settings played hell with our folder redirection.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users