There's the "problem". The default rules of Group Policy are:
- computer objects will only apply Computer Configuration settings
- user objects will only apply User Configuration setting.
So when you're having an OU with a policy applied, that contains user
config settings, and you put computers into that OU, the computers will
not apply the setting. They simply "do not look" at the user config
settings you configure.
You could now go and move the user objects into that OU but that is
probably not what you want - since the restrictions would then apply to
the users no matter where they log on.
For those scenarios, there's something called the "loopback processing"
mode out there, which issomething you can also use for Terminal Services
environments. Loopback basically makes the computer objects look at the
user configuration settings of a GP - overwriting or merging the
settings with the ones that are linked for the real user. Loopback
should be what you'Re searching for:
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
Use a newsreader! http://www.yqcomputer.com/