You shouldn't leave computers inside the default Computers container because...

Discussion in 'Active Directory' started by Spin, Aug 25, 2008.

  1. Spin

    Spin Guest

    Gurus,

    I'm of the belief that you shouldn't leave computers inside the default
    Computers container because you can't apply Group Policy to that other than
    the "Default Domain Policy". Is this correct?
     
    Spin, Aug 25, 2008
    #1

  2. Yep, pretty much it.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Aug 25, 2008
    #2

  3. Spin

    Jorge Silva Guest

    Hi
    That's False.
    You can apply other Policies; the difference is that you have to apply them
    at Domain Level.
    --
    I hope that the information above helps you.


    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services
     
    Jorge Silva, Aug 25, 2008
    #3
  4. Spin,
    Like Phillip and Jorge already posted, you cannot directly link Group
    Policy Objects to the default containers "Computers" and "Users". That's
    because they're containers, not Organizational Units. You can, however,
    take care of the machines and users in those containers by applying GPOs
    at the domain level. They'll be targets of those.

    For advanced policy management, be sure to put your objects into OUs and
    move them out of the default containers, though.

    cheers,

    Florian
     
    Florian Frommherz [MVP], Aug 25, 2008
    #4
  5. Paul Bergson [MVP-DS], Aug 25, 2008
    #5
  6. Everyone else seems to have covered all aspects, but I thought I would add
    some history. When W2k was first being built the Computers and Users
    containers were referred to as the location designed to receive legacy
    systems that existed in the NT4 domain prior to the upgrade to W2k AD. The
    intent was that the pre-existing users and computers would be moved to OU
    where OU-linked GPO could also be used (avoiding need for security group
    GPO filtering). Just why then it was so difficult to change the default
    location for new computer or user objects before W2k3 is an interesting
    question.

    Roger
     
    Roger Abell [MVP], Aug 26, 2008
    #6
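
Added example, not written by any poster in this thread: a PowerShell sketch of the advice above, listing computers still in the default Computers container, moving them into an OU where GPOs can be linked, and redirecting future domain joins with `redircmp`. The OU name `Workstations` and the `-Apply` switch are assumptions made for illustration; it needs the ActiveDirectory module and rights to move objects.

```powershell
#Requires -Modules ActiveDirectory
# Added example. The OU name 'Workstations' is an assumption; use your own OU design.
param(
    [string]$TargetOuName = 'Workstations',
    [switch]$Apply    # hypothetical switch: without it the script only reports
)

$domain    = Get-ADDomain
$domainDn  = $domain.DistinguishedName
$defaultCn = "CN=Computers,$domainDn"
$targetOu  = "OU=$TargetOuName,$domainDn"

# Where newly joined machines land today (the well-known computers container pointer).
"New computer objects currently go to: $($domain.ComputersContainer)"

# Objects directly in CN=Computers only receive domain- and site-linked GPOs,
# because a container (unlike an OU) cannot have a GPO linked to it.
$stranded = @(Get-ADComputer -Filter * -SearchBase $defaultCn -SearchScope OneLevel `
                  -Properties OperatingSystem, whenCreated)
$stranded | Sort-Object whenCreated |
    Format-Table Name, OperatingSystem, whenCreated -AutoSize

if (-not $Apply) {
    "Report only: $($stranded.Count) computer(s) in $defaultCn. Re-run with -Apply to move them."
    return
}

# Create the target OU at the domain root if it does not exist yet.
$ou = Get-ADOrganizationalUnit -LDAPFilter "(ou=$TargetOuName)" `
          -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $TargetOuName -Path $domainDn
}

# Move the stranded computer objects so OU-linked GPOs can apply to them.
$stranded | Move-ADObject -TargetPath $targetOu

# Redirect future domain joins to the OU. redircmp.exe ships with Windows Server
# and requires at least the Windows Server 2003 domain functional level.
& redircmp.exe $targetOu
if ($LASTEXITCODE -ne 0) { Write-Warning "redircmp failed with exit code $LASTEXITCODE" }

"Default computer location is now: $((Get-ADDomain).ComputersContainer)"
```

The companion tool `redirusr` does the same for the default Users container.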