| Author | Messages | |
AlRose
Posts:47
 | | 02/01/2012 6:27 PM |
| Hi,
I have been asked to look at User preferences to mount drives for users
that are member of specific security groups.
I am new to this approach as i usually use login scripts for this matter.
How do we scope a GPO to AD security groups? Is this straight-forward and
is it a good way to go vs. logon scripts?
Thank you.
| | | |
| Parzival
Posts:108
| | 02/01/2012 6:27 PM |
| if you use group policy preferences, you can target users, groups, etc etc.. directly in the mapped drive entry. click the common tab and select targetting.. there you can add a group, an OU (user reside in) or other various options.. also note the http://blog.studiographic.nl/?p=291 blogpost if you are replacing old loginscripts.
Roelf Zomerman
________________________________
From: activedir-owner@mail.activedir.org [activedir-owner@mail.activedir.org] on behalf of Al Rose [arose107@gmail.com]
Sent: Thursday, November 10, 2011 1:40 PM
To: activedir@mail.activedir.org
Subject: [ActiveDir] W2k8 GPO User preferences scope
Hi,
I have been asked to look at User preferences to mount drives for users that are member of specific security groups.
I am new to this approach as i usually use login scripts for this matter. How do we scope a GPO to AD security groups? Is this straight-forward and is it a good way to go vs. logon scripts?
Thank you.
| | | |
| darren
Posts:393
| | 02/01/2012 6:27 PM |
| My general preference is to link GPOs as close to their intended targets as possible. This minimizes changes for inadvertent changes higher up, affecting a wider audience. That said, having a single GPO containing multiple GP Preferences, each with different ILTs, is pretty common.
Darren
From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Roelf Zomerman
Sent: Thursday, November 10, 2011 5:08 AM
To: activedir@mail.activedir.org
Subject: RE: [ActiveDir] W2k8 GPO User preferences scope
both options are valid.. not sure how complex your environment is, in smaller environments i just create 1 policy, link it to the users OU and add all options of the loginscript drivemapping in it. The downside is that all users in that OU will process the GPO (no additional filtering there), the advantage that it is easy to make changes while keeping the number of GPO's itself relative low.
If you now have multiple loginscripts targetted at specific business OU's, you're probably easier off making multiple GPO's (one for each business unit) and handle drivemapping in there.. perhaps even add it to existing GPO's that are already applied to those business units/users/etc... it also depends a bit on who is managing GPO's and if that has been sub-delegated to multiple groups.
Roelf Zomerman
________________________________
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [activedir-owner@mail.activedir.org] on behalf of Al Rose [arose107@gmail.com]
Sent: Thursday, November 10, 2011 1:55 PM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: Re: [ActiveDir] W2k8 GPO User preferences scope
Great! Thanks for the info...
whats best practice? To create a high-level GPO to gather all mapped drives or to put the GPO the closest as possible from targets?
On Thu, Nov 10, 2011 at 1:45 PM, Roelf Zomerman <roelf.zomerman@avanade.com<mailto:roelf.zomerman@avanade.com>> wrote:
if you use group policy preferences, you can target users, groups, etc etc.. directly in the mapped drive entry. click the common tab and select targetting.. there you can add a group, an OU (user reside in) or other various options.. also note the http://blog.studiographic.nl/?p=291 blogpost if you are replacing old loginscripts.
Roelf Zomerman
________________________________
From: activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org> [activedir-owner@mail.activedir.org<mailto:activedir-owner@mail.activedir.org>] on behalf of Al Rose [arose107@gmail.com<mailto:arose107@gmail.com>]
Sent: Thursday, November 10, 2011 1:40 PM
To: activedir@mail.activedir.org<mailto:activedir@mail.activedir.org>
Subject: [ActiveDir] W2k8 GPO User preferences scope
Hi,
I have been asked to look at User preferences to mount drives for users that are member of specific security groups.
I am new to this approach as i usually use login scripts for this matter. How do we scope a GPO to AD security groups? Is this straight-forward and is it a good way to go vs. logon scripts?
Thank you.
| | | |
|
|