+ Post New Thread
Results 1 to 2 of 2
Windows Thread, Active Directory Structure: Teacher and Student computers in Sub-OU of user or root? in Technical; I am having some confusion as to how computer side GPO settings will be applied when a teacher logs in ...
  1. #1

    Join Date
    Aug 2012
    Location
    Kansas City, MO
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Active Directory Structure: Teacher and Student computers in Sub-OU of user or root?

    I am having some confusion as to how computer side GPO settings will be applied when a teacher logs in at a student computer depending on the AD structure.

    I have our AD structure with student users in one OU and Teachers in another OU right below the domain. The Teacher and Student OU's are not sub OU's of one another to make sure that privileges do not flow from one group to the other. I also have the student computers in a sub-OU of Students and Teacher computers in a sub-OU of Teachers. I feel that in doing this I will have issues when a teacher sits down at a student computer. I haven't completely tested it but I think the teacher will get the computer settings from the Student GPO that is applied to the Student OU when the student computer is in a sub-OU. Should the teacher and student computers be in OU's at the root of the domain like the user OU's are and then when a user logs in the computer side settings of the GPO for the student or teacher will just apply to the computer? So basically should I think of it as GPO settings are based on login and therefore follow the user which is applied to the computer the user is logged into?

    A.
    Domain
    -Students OU
    -Student Computers
    -Teacher OU
    -Teacher Computers

    or

    B.
    Domain
    -Student OU
    -Teacher OU
    -Student Computer OU
    -Teacher Computer OU

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,223
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    C:
    Domain
    -School
    --computers
    ---staff computers
    ---student computers
    --users
    ---students
    ---staff

    This way you can have common policies that apply to both and just the differentiated stuff apply to the sub users.

    AD handles policies in two ways, by machine and by user
    User policies are handled by user logon (user objects in AD)
    Machine policies are applied to machine objects in AD (ie computers)

SHARE:
+ Post New Thread

Similar Threads

  1. Making changes to Active Directory Structure..
    By kennysarmy in forum Windows
    Replies: 3
    Last Post: 1st October 2009, 04:16 PM
  2. Replies: 1
    Last Post: 24th June 2009, 10:10 AM
  3. CMIS Teacher and Student Class Data
    By danIT in forum MIS Systems
    Replies: 0
    Last Post: 18th June 2008, 05:17 PM
  4. Active Directory Structure
    By baronne in forum Windows
    Replies: 16
    Last Post: 26th February 2007, 10:33 AM
  5. Oversold and Underused: Computers in the Classroom
    By Dos_Box in forum Books and Manuals
    Replies: 8
    Last Post: 29th October 2006, 03:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •