chwolfe Absent Member.
Absent Member.
716 views

Multiple GPO

I am new to ZEN and I am running into an issue that I cannot find the answer for. I created dynamic workstation groups around subnets for different sites. I attached a GPO to this level. Its main purpose was to block windows update and access to windows update in order to roll out patch management. I created workstation groups and tried to implement GPO that was much more strict basically to remove students access to manipulate the desktop, among other things, in computer labs. So my problem is that the computer lab PCs have a GPO at a dynamic workstation level and when the workstation group GPO is applied, it states successful but the policies are not reflected on the PC. I thought that policies were on a tiered structure that followed dynamic workstation group>workstation group>workstation. Any suggestions on how to enforce that GPO at the workstation group level?

Thanks in advance,
Chris
Labels (2)
0 Likes
3 Replies
Micro Focus Expert
Micro Focus Expert

Re: Multiple GPO

The Approach I tend to recommend for schools is to assign a very strong default GPO to all devices.
Then assign less restrictive GPOs to Teacher and Tech Accounts to unlock them.

It would also be possible to use System Requirements on Policies so that they only applied if certain criteria are met.
0 Likes
chwolfe Absent Member.
Absent Member.

Re: Multiple GPO

The lab devices have multiple group polices. The more strict policy is assigned at a workstation group level and it is not actually applying to the devices. The generic GPO is assigned to a dynamic workstation group and that is what the lab PCs are using. Was my belief of dynamic workstation group>workstation group>workstation correct? Can I assign multiple GPOs like that?
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Multiple GPO

chwolfe;2420735 wrote:
I am new to ZEN and I am running into an issue that I cannot find the answer for. I created dynamic workstation groups around subnets for different sites. I attached a GPO to this level. Its main purpose was to block windows update and access to windows update in order to roll out patch management. I created workstation groups and tried to implement GPO that was much more strict basically to remove students access to manipulate the desktop, among other things, in computer labs. So my problem is that the computer lab PCs have a GPO at a dynamic workstation level and when the workstation group GPO is applied, it states successful but the policies are not reflected on the PC. I thought that policies were on a tiered structure that followed dynamic workstation group>workstation group>workstation. Any suggestions on how to enforce that GPO at the workstation group level?

Thanks in advance,
Chris


No, Dynamic Workstation Groups do not have a lower weight than standard groups.
Use of System Requirements would work better to filter out undesired GPOs.
The same process to create Dynamic Groups can create filterable values on the device for the GPOs.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.