AD Groups.

BoomAM · 2 Mar 2007 at 13:43

Hi.
Can someone tell me how to do this:
In our AD, we have a folder called pupils, and then under that another few folders with each year group.
What i want to do is create an object that contains all of the users under those folders, (even when temporarily moved to the banned folder), so that i can then use that object as a filter in our surf control software.
At the moment, i have to add each user seperately in surf control to a rule within that to filter their web usage. Which is a right pain to do.
So having an automatically updating/consistant list of user that i can allocate with just the one object in our surf control software, would make my life a heck of a lot easyier.

Thanks in advance all.

mike1210 · 2 Mar 2007 at 14:05

do you mean create an OU then apply a group policy for that OU???

would right click > new > organisational Unit

once thats made

right click OU > properties > group policy > into there

best to make all your group policies under a seperate OU, then link the group policies you apply to the other OU's, from the policy OU

BoomAM · 2 Mar 2007 at 14:37

Hows about that without the abbriviations

.
What i want to do is have it so that all of the users under a specific set of folders, that even when they are temporarily moved to another folder, which is an internet ban folder, that they are still within this specific object that i want to create. This object would then be used in our SurfControl software as a source of usernames to use for each filter.
I know its not the clearest of descriptions, but im learning Active Directory as i go, and im not up on the lingo yet.

Andyt_uk · 2 Mar 2007 at 20:57

BoomAM said:
Hows about that without the abbriviations .
What i want to do is have it so that all of the users under a specific set of folders, that even when they are temporarily moved to another folder, which is an internet ban folder, that they are still within this specific object that i want to create. This object would then be used in our SurfControl software as a source of usernames to use for each filter.
I know its not the clearest of descriptions, but im learning Active Directory as i go, and im not up on the lingo yet.

can't you just set it up as

Pupils
--Year 1
--Year 2
--Banned etc

Move them from the year ou to the banned ou as necessary. We use to do this and just set a Group Policy on the Banned OU that gave them a false proxy address. It was set so that without the correct details, they couldn't get onto the net and IE was locked down so they couldn't change the proxy details.

Andyt_uk · 2 Mar 2007 at 21:25

Andyt_uk said:
can't you just set it up as

Pupils
--Year 1
--Year 2
--Banned etc

Move them from the year ou to the banned ou as necessary. We use to do this and just set a Group Policy on the Banned OU that gave them a false proxy address. It was set so that without the correct details, they couldn't get onto the net and IE was locked down so they couldn't change the proxy details.

actually by the look of it that software allows you to block groups.

therefore create a security group and set it up in the surfcontrol software to block all access. Then as needed just add the banned kids to the group.

BoomAM · 2 Mar 2007 at 23:23

Andyt_uk said:
actually by the look of it that software allows you to block groups.

therefore create a security group and set it up in the surfcontrol software to block all access. Then as needed just add the banned kids to the group.

The SurfControl software is a pain in the rear.
Ive spent the better part of the day changing its user/computer source over from NT Domain to AD.
And the worst part? After doing all that, they turned around and say that although ive spent the last 4 hours reconfiguring everything to AD, that my original request is no longer possible, i cannot block specific sets of workstations from the internet at the touch of a button! :mad:

A royal pain in the rear.
So now for the forseeable future, ive got to spend a good 10mins at the stroke of each hour, and at the end of each hour, manually moving users between 'Banned' and their 'Intake' folder as/when the teachers require them to be off/on the internet.=loads more work for me!

Anyway:
The current setup in AD is as follows:
-AD
--Network
---Pupils
----Intake02
----Intake03
----Intake04
----Intake05
----Intake06
---Banned

**This setup will not be changing**

Is what i want to achieve even possible?
Lets say i was to hypothetically move the 'Banned' folder from its current place in the tree, to under the Pupils folder. Would it still retain its current properties that it applys to users placed within itself?
Asuming that it does, would it then be possible to create an object in AD that automatically contains everything under 'Pupils' and its sub-folders, including any extra folders/users i create.
This object would then make adding new users to the SurfControl rules administrator as easy as just creating the new user in the first place in AD.

Thanks in advance.