Applying Policy to Security groups ?

[davidaking]

I am a bit confused. I read in here somewhere that you cannot apply a policy to a Security group. Only to a OU a Computer or a User. But we have a consultant that has set it up as follows. He has the OU with computers in it. He created a Security group and put the AD users in it. He put the security group in the OU with the Policy linked to the OU and it seems to be working. We are using 2003 level AD. And when I open the Group Policy Management Console and select a GPO the right lower panel states in the SECURITY FILTERING PANE : The settings in the GPO can only be applied to the following groups, users and computers. "Groups" is listed as an option.

So my question is this. Is the FAQ on this site where the user says "He put the users in a security group and applied the GPO to them and it didn't work" valid?

Our consultant uses the same method and it seems to work?

In our setup we have CITRIX virtual desktops that we want some GPOs applied to and those same users are also Terminal server users. Their user accounts are located in OUs that relate to their physical location in our corporation. And a user account can only be located in One OU..right?

So when the user logs in to a CITRIX computer they are included in special CITRIX Security Groups that are located in the CITRIS COMPUTER OU, and those settings affect the Virtual desktop that they are assigned to at that time, via the fact that those Security groups are located in the CITRIX COMPUTER OU. Does that make sense?

[AndyT]

You could put a GPO applied to the Citrix terminal servers OU and use loopback so that any user who logs onto them gets the policy applied