0

I am trying to configure a domain policy such that the default policy is applied to most machines with a few exceptions. We use "Local Users and Groups" under Preferences > Control Panel Settings in the default domain policy to push down users from a different Forest as Admins/Users/Other Groups on the machines that fall under this policy. I would like to continue doing this at the default policy level, but have an OU with different users and groups pushed down to specific machines.

So far, I've found that configuration of the OU policy appears to be easier if I do not Block Inheritance - this way I can change just a few policies on the OU, which override the default policy and then the rest of the default policy will be pushed down to machines under the OU. However, if I do not block inheritance, ALL users and groups at the default level get pushed down to the OU machines. Is there any way besides blocking inheritance of default policies to prevent this?

Improve this question

1 Answer 1

Reset to default
0

I was able to find the answer after a while of searching - "Item-level targeting" was applied to the Local Users and Groups at the domain level and was configured so that they wouldn't apply to the specific OU.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .