Jump to content


Sign in to follow this  
jamitupya

Apply Group Policy to Security Groups

Recommended Posts

As I work in Managed Services on a global scale we have the requirement from our Clients frequently to apply individual GPO to machines in the form of Highly Managed, Lightly Managed and Un-Managed.

 

This guide WILL give you a basic run down of how to apply this filtering.

This guide will NOT provide GPO Settings, i may if i get time put together a cleaned up guide for this based loosely on our Templates.

 

This guide assumes that you have first setup Windows Server 2008 and configured it for Active Directory.

 

In a production environment please consult Technet for best practise, see below links:

 

Design Active Directory:

Document - http://technet.microsoft.com/en-us/library/bb727085.aspx

WebCast - http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032317872&CountryCode=US

 

Implement Active Directory: http://technet.microsoft.com/en-us/library/cc778219(WS.10).aspx

 

Assigning Rights on OU Objects: http://technet.microsoft.com/en-us/library/cc786285(WS.10).aspx

 

 

Best Practices Analyzer for Active Directory Directory Services (BPA AD DS): https://connect.microsoft.com/ADBPA?wa=wsignin1.0

 

 

 

Create your Security Groups.

 

Open Active Directory Users and Computers:

gpo-001.jpg

 

 

Create your GPO Security Groups, (Highly, Lightly and Un-Matched is our standard)

e.g. <sitecode>-GPO-Highly-Managed, Global Group, Security Group

 

gpo-002.jpg

Example output:-

 

 

Create your Group Policy Objects

Open GPEdit.msc

 

Navigate to “Group Policy Objects”

Right-Click – Select “New”

– Create your GPO’s to suit the above created Groups.

<sitecode>-GPO-Highly-Managed

<sitecode>-GPO-Lightly-Managed

<sitecode>-GPO-Un-Managed

 

Build your GPO to your required levels

 

Applying Group Policy to the Security Groups

Navigate down your OU Structure to where you wish to apply your Group Policies:

 

gpo-003.jpg

Example: REGIONS\APAC\<country>\<sitecode>\Workstations\

 

Right Click the OU you want to apply GP too (Workstations) , select “Link an Existing GPO…”

Select your Group Policy Object to link and Click OK

 

Select the GPO you have just linked:

gpo-004.jpg

Select Authenticated Users and Click Remove.

 

Click Add and Type in the Security Group name specific to this GPO

gpo-005.jpg

Example: <sitecode>-GPO-Highly-Managed

 

 

 

Complete for the remaining GPO’s you wish to use

 

 

Let me know if i missed anything or any recommended changes :-)

Edited by jamitupya

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...