Skip to main content

Removing Computers from an OU

More
16 years 7 months ago #23419 by skepticals
Let me make this a little more clear.

OU = Lab

I set computer and user policies for the OU Lab. I then removed the computer from the Lab OU and put it in a different OU called Computers.

The GPOs should only apply to the OU Lan, right?

Smurf, I am not sure about the not configured.
More
16 years 7 months ago #23424 by KiLLaBeE
Skepticals,
Yes. If you moved the computer object out of the "Lab" OU and placed it into the "Computers" OU, then the computer object will not have the "Lab" OU's GPOs applied and instead have the "Computers" OU's GPOs applied (if any exist). However, if you are logging into the computer with a user account that is WITHIN the "Lab" OU, then the "Lab" OU's user object GPOs will then be applied to the user, and so it may appear as if the computer maintained the "Lab" OU's GPO although it wouldn't be the case.

However, if the computer object is picking up the GPO from the "Lab" OU and you aren't logging into the computer with a user account from that OU, then the suggestion(s) i gave you above would probably apply.

Hope that helps

-K
More
16 years 7 months ago #23434 by skepticals
Let me see if I understand. Are you saying that the computer object placement is not related to the User settings?

So, if I have user 'Lab' and computer object 'Lab1' in the Lab OU and I remove the computer object to OU 'other' and login as Lab, the GPOs that are applied to users in the Lab OU will still apply?

Do OUs only breakup computer objects? I thought even the user settings were based on the OU.
More
16 years 7 months ago #23465 by KiLLaBeE
Yes, when you login to the computer using the user object from the Lab OU, the user will have the GPOs from its OU and the computer will have the GPOs from its new OU, so basically, you'll have a computer that has GPOs from OU "other" being applied and GPOs from OU Lab being applied to the user, so the person who would be using the computer would "experience" the policies from both OUs.

And as a side note, the Computer Configuration settings from Group Policy Editor would apply to computer objects only and User Configuration settings would apply to user objects.

What do you mean "break up"?
More
16 years 7 months ago #23484 by skepticals

What do you mean by "break up"

I do not see where I said that. I did a search and couldn't find it either.

So esssentially you are saying that if I have 15 OUs and apply 15 different user GPOs individually to each OU that when I log in I will get a combination of all 15 even if my user account is only in one of the OUs?

OU1 User GPO 1 applied
OU2 User GPO 2 applied
OU3 User GPO 3 applied
...
OU12 User GPO 12 applied
OU13 Contains User Account
OU14 User GPO 14 applied
OU15 User GPO 15 applied

If I login to a computer I will get the resulting effect of all the GPOs applied to all the OUs?
More
16 years 7 months ago #23521 by KiLLaBeE
If you have the OUs all within each other, then yes, the computer and user account all the way in the bottom of the "stack" will get the combination of the GPOs. If you're talking about several OUs "spread out," then when you login to one OU's computer with the user from another OU, then i think the combined policy is that of the computer's GPO from its OU and the user GPO from its OU.
Time to create page: 0.140 seconds