|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
GPO Processingin our active directory structure we have many OU'S. We have a terminal
services OU where we have 3 terminal server computer accounts. Now we have a GPO attached to this OU. We locked our terminal servers down pretty tight with alot of computer-admin-windows explorer settings. Now my question is 2 OU's down we have a WSUS OU where we have all of our computer accounts with a GPO attached to this which just has WSUS settings for our workstations. Now why isn't this OU inheriting the settings from the terminal services OU's GPO. I thought setting from upper level GPO's are send downwad unless a setting at a lower gpo is conflicting. Is the WSUS OU a child of the TS OU, or a peer? Only children inherit GPO
settings. Does the WSUS OU have 'block inheritence' set with regard to GPO processing? neil Show quoteHide quote "one3cap" wrote: > in our active directory structure we have many OU'S. We have a terminal > services OU where we have 3 terminal server computer accounts. Now we have a > GPO attached to this OU. We locked our terminal servers down pretty tight > with alot of computer-admin-windows explorer settings. Now my question is 2 > OU's down we have a WSUS OU where we have all of our computer accounts with a > GPO attached to this which just has WSUS settings for our workstations. Now > why isn't this OU inheriting the settings from the terminal services OU's > GPO. I thought setting from upper level GPO's are send downwad unless a > setting at a lower gpo is conflicting. no 'block inheritence' is not set on the GPO, the OU is not a child domain.
I was just watching a CBT nugget from nuggetlab on this same issue i am having to clarify things. And the video had said the GPO will be inherited down all the way through the AD structure. This would make sense if only child OU's inherite these settings. But ya you dont hit the X and expand the terminal services OU and then see the WSUS OU. It is not a child. so did this answer my question? thanks Show quoteHide quote "Neil Ruston" wrote: > Is the WSUS OU a child of the TS OU, or a peer? Only children inherit GPO > settings. > > Does the WSUS OU have 'block inheritence' set with regard to GPO processing? > > neil > > > > > "one3cap" wrote: > > > in our active directory structure we have many OU'S. We have a terminal > > services OU where we have 3 terminal server computer accounts. Now we have a > > GPO attached to this OU. We locked our terminal servers down pretty tight > > with alot of computer-admin-windows explorer settings. Now my question is 2 > > OU's down we have a WSUS OU where we have all of our computer accounts with a > > GPO attached to this which just has WSUS settings for our workstations. Now > > why isn't this OU inheriting the settings from the terminal services OU's > > GPO. I thought setting from upper level GPO's are send downwad unless a > > setting at a lower gpo is conflicting. As I said, only child OUs inherit GPO settings. The behaviour you see is
correct. neil Show quoteHide quote "one3cap" wrote: > no 'block inheritence' is not set on the GPO, the OU is not a child domain. > I was just watching a CBT nugget from nuggetlab on this same issue i am > having to clarify things. And the video had said the GPO will be inherited > down all the way through the AD structure. This would make sense if only > child OU's inherite these settings. But ya you dont hit the X and expand the > terminal services OU and then see the WSUS OU. It is not a child. so did this > answer my question? thanks > > "Neil Ruston" wrote: > > > Is the WSUS OU a child of the TS OU, or a peer? Only children inherit GPO > > settings. > > > > Does the WSUS OU have 'block inheritence' set with regard to GPO processing? > > > > neil > > > > > > > > > > "one3cap" wrote: > > > > > in our active directory structure we have many OU'S. We have a terminal > > > services OU where we have 3 terminal server computer accounts. Now we have a > > > GPO attached to this OU. We locked our terminal servers down pretty tight > > > with alot of computer-admin-windows explorer settings. Now my question is 2 > > > OU's down we have a WSUS OU where we have all of our computer accounts with a > > > GPO attached to this which just has WSUS settings for our workstations. Now > > > why isn't this OU inheriting the settings from the terminal services OU's > > > GPO. I thought setting from upper level GPO's are send downwad unless a > > > setting at a lower gpo is conflicting. |
|||||||||||||||||||||||
Other interesting topics