Active Directory Structure: Teacher and Student computers in Sub-OU of user or root?
I am having some confusion as to how computer side GPO settings will be applied when a teacher logs in at a student computer depending on the AD structure.
I have our AD structure with student users in one OU and Teachers in another OU right below the domain. The Teacher and Student OU's are not sub OU's of one another to make sure that privileges do not flow from one group to the other. I also have the student computers in a sub-OU of Students and Teacher computers in a sub-OU of Teachers. I feel that in doing this I will have issues when a teacher sits down at a student computer. I haven't completely tested it but I think the teacher will get the computer settings from the Student GPO that is applied to the Student OU when the student computer is in a sub-OU. Should the teacher and student computers be in OU's at the root of the domain like the user OU's are and then when a user logs in the computer side settings of the GPO for the student or teacher will just apply to the computer? So basically should I think of it as GPO settings are based on login and therefore follow the user which is applied to the computer the user is logged into?
-Student Computer OU
-Teacher Computer OU