Noob question: To what OU do i apply a GPO (user OU or Computer OU)<\/p>\n
If a gpo contains settings configured under user configuration - i apply the GPO to the OU containing the users<\/p>\n
If a GPO contains settings configured under computer configuration - i apply the GPO to the OU containing the computers.<\/p>\n
Exception would be loopback processing. Is this the correct way of understanding GPO’s<\/p>","upvoteCount":8,"answerCount":5,"datePublished":"2019-09-30T18:00:38.000Z","author":{"@type":"Person","name":"mahim","url":"https://community.spiceworks.com/u/mahim"},"suggestedAnswer":[{"@type":"Answer","text":"
Noob question: To what OU do i apply a GPO (user OU or Computer OU)<\/p>\n
If a gpo contains settings configured under user configuration - i apply the GPO to the OU containing the users<\/p>\n
If a GPO contains settings configured under computer configuration - i apply the GPO to the OU containing the computers.<\/p>\n
Exception would be loopback processing. Is this the correct way of understanding GPO’s<\/p>","upvoteCount":8,"datePublished":"2019-09-30T18:00:38.000Z","url":"https://community.spiceworks.com/t/applying-gpo/732414/1","author":{"@type":"Person","name":"mahim","url":"https://community.spiceworks.com/u/mahim"}},{"@type":"Answer","text":"\n\n
<\/div>\n
deepbluesky:<\/div>\n
\nNoob question: To what OU do i apply a GPO (user OU or Computer OU)<\/p>\n
If a gpo contains settings configured under user configuration - i apply the GPO to the OU containing the users<\/p>\n
If a GPO contains settings configured under computer configuration - i apply the GPO to the OU containing the computers.<\/p>\n
Exception would be loopback processing. Is this the correct way of understanding GPO’s<\/p>\n<\/blockquote>\n<\/aside>\n
You pretty much nailed it<\/p>","upvoteCount":0,"datePublished":"2019-09-30T18:05:14.000Z","url":"https://community.spiceworks.com/t/applying-gpo/732414/2","author":{"@type":"Person","name":"davidr4","url":"https://community.spiceworks.com/u/davidr4"}},{"@type":"Answer","text":"
Yes, That’s correct.<\/p>","upvoteCount":0,"datePublished":"2019-09-30T18:09:00.000Z","url":"https://community.spiceworks.com/t/applying-gpo/732414/3","author":{"@type":"Person","name":"Internet_Schneider","url":"https://community.spiceworks.com/u/Internet_Schneider"}},{"@type":"Answer","text":"
That is correct. That said, try to avoid using Loopback processing at all costs if you can as it makes things really messy later on. There are very few situations where I’d recommend Loopback processing.<\/p>\n
Also worth noting is you can only apply GPO’s against OU’s… not containers. So those default containers like “Computers” where all devices end up once you domain them (by default) cannot and will not accept policies from GPO’s.<\/p>\n
There are a billion different ways to layout your GPO’s but generally what works best is whatever the simplest layout you can go with.<\/p>\n
For example:<\/p>\n
Domain<\/p>\n
-Location (if multiple sites, otherwise skip this one)<\/p>\n
–Users<\/p>\n
–Computers<\/p>\n
-Location<\/p>\n
–Users<\/p>\n
–Computers<\/p>\n
Alternatively, you could switch “Location” out for “Department” if you plan to give certain departments different policies. You could also just lump everybody into one giant OU and then use Security Groups or Item Level Targetting to apply the policies to the specific users and computers.<\/p>","upvoteCount":2,"datePublished":"2019-09-30T20:40:09.000Z","url":"https://community.spiceworks.com/t/applying-gpo/732414/4","author":{"@type":"Person","name":"dimforest","url":"https://community.spiceworks.com/u/dimforest"}},{"@type":"Answer","text":"\n\n
<\/div>\n
dimforest:<\/div>\n
\nThat is correct. That said, try to avoid using Loopback processing at all costs if you can as it makes things really messy later on. There are very few situations where I’d recommend Loopback processing.<\/p>\n
Also worth noting is you can only apply GPO’s against OU’s… not containers. So those default containers like “Computers” where all devices end up once you domain them (by default) cannot and will not accept policies from GPO’s.<\/p>\n
There are a billion different ways to layout your GPO’s but generally what works best is whatever the simplest layout you can go with.<\/p>\n
For example:<\/p>\n
Domain<\/p>\n
-Location (if multiple sites, otherwise skip this one)<\/p>\n
–Users<\/p>\n
–Computers<\/p>\n
-Location<\/p>\n
–Users<\/p>\n
–Computers<\/p>\n
Alternatively, you could switch “Location” out for “Department” if you plan to give certain departments different policies. You could also just lump everybody into one giant OU and then use Security Groups or Item Level Targetting to apply the policies to the specific users and computers.<\/p>\n<\/blockquote>\n<\/aside>\n
You can also add Test OUs for each of the GPOs which is included on your billion different ways to accomplish this.<\/p>","upvoteCount":1,"datePublished":"2019-10-01T02:21:40.000Z","url":"https://community.spiceworks.com/t/applying-gpo/732414/5","author":{"@type":"Person","name":"dbeato","url":"https://community.spiceworks.com/u/dbeato"}}]}}
mahim
September 30, 2019, 6:00pm
1
Noob question: To what OU do i apply a GPO (user OU or Computer OU)
If a gpo contains settings configured under user configuration - i apply the GPO to the OU containing the users
If a GPO contains settings configured under computer configuration - i apply the GPO to the OU containing the computers.
Exception would be loopback processing. Is this the correct way of understanding GPO’s
8 Spice ups
davidr4
September 30, 2019, 6:05pm
2
deepbluesky:
Noob question: To what OU do i apply a GPO (user OU or Computer OU)
If a gpo contains settings configured under user configuration - i apply the GPO to the OU containing the users
If a GPO contains settings configured under computer configuration - i apply the GPO to the OU containing the computers.
Exception would be loopback processing. Is this the correct way of understanding GPO’s
You pretty much nailed it
dimforest
September 30, 2019, 8:40pm
4
That is correct. That said, try to avoid using Loopback processing at all costs if you can as it makes things really messy later on. There are very few situations where I’d recommend Loopback processing.
Also worth noting is you can only apply GPO’s against OU’s… not containers. So those default containers like “Computers” where all devices end up once you domain them (by default) cannot and will not accept policies from GPO’s.
There are a billion different ways to layout your GPO’s but generally what works best is whatever the simplest layout you can go with.
For example:
Domain
-Location (if multiple sites, otherwise skip this one)
–Users
–Computers
-Location
–Users
–Computers
Alternatively, you could switch “Location” out for “Department” if you plan to give certain departments different policies. You could also just lump everybody into one giant OU and then use Security Groups or Item Level Targetting to apply the policies to the specific users and computers.
2 Spice ups
dbeato
October 1, 2019, 2:21am
5
dimforest:
That is correct. That said, try to avoid using Loopback processing at all costs if you can as it makes things really messy later on. There are very few situations where I’d recommend Loopback processing.
Also worth noting is you can only apply GPO’s against OU’s… not containers. So those default containers like “Computers” where all devices end up once you domain them (by default) cannot and will not accept policies from GPO’s.
There are a billion different ways to layout your GPO’s but generally what works best is whatever the simplest layout you can go with.
For example:
Domain
-Location (if multiple sites, otherwise skip this one)
–Users
–Computers
-Location
–Users
–Computers
Alternatively, you could switch “Location” out for “Department” if you plan to give certain departments different policies. You could also just lump everybody into one giant OU and then use Security Groups or Item Level Targetting to apply the policies to the specific users and computers.
You can also add Test OUs for each of the GPOs which is included on your billion different ways to accomplish this.
1 Spice up
