I'm feeling particularly stupid this morning - maybe due to an hour less thinking time (lol)
But could someone please explain how a GPO "knows" which group of users or computers it should work on? In Server 2003 I knew this because they were accessed from the OU in Active Directory. Now in Server 2008 that is not the case I don't know who or what the GPO is acting on.
It is the same in Server 2008 - however in Server 2003 you had the option of managing GPOs from the ADUC snapin, or installing GPMC (Group Policy Management Console) and using it's enhanced features for GP. In Server 2008, you don't get the choice, you must use GPMC (a good thing as it's very useful!). GPs are stilled linked to OUs & can use group filtering if required.
GPMC is installed by default on Server 2008 when you install the ADDS role, or on Vista when installing the RSAT management tools.
I did manage policies in 2003 with the GPMC but I always entered it from AD, which in my head meant that I knew which OU the policy was attached to (or operating on). Now in 2008 I don't have that reassurance of seeing the link. I assume that there is somewhere in the GMP console that shows the link?
Originally Posted by Diello
GPMC shows the links the same way in did in W2k3 - in the left-hand hierarchy view, you'll see the GPs linked to that OU at the top of the list along with it's child OUs - Clicking on any OU will show in the right-hand pane on the "Linked GPOs" tab the GPs linked to that OU, and the "GP Inheritance" tab will show you all the GPs which will be applied in order.
Sorry to be so thick, I hadn't realised that the folders in the left hand tree would be the same as the AD ones. It's so obvious now you've said. That makes much more sense now, thanks.