- 最新
- 投票最多
- 评论最多
The approach you are following is not mistaken. However, group policies can be applied to users/groups or to computers. If you apply a group policy that affects computer settings to an OU in which you have users (or viceversa), that GPO won't have any effect (that's what's happening in your case).
in this case the GPO affects the computer resource: "Computer Configuration, Policies, Administrative Templates,Classic Administrative Templates, PCoIP Session Variables, and Overridable Administrator Defaults."
So in order to apply to different computers located in different OU's, you need to put the computers (AD resource) in different OUs.
Amazon Workspaces allow you to put the different workspaces in different OUs :
Q: Can I select the Organizational Unit (OU) where computer accounts for my WorkSpaces will be created in my Active Directory?
Yes. You can set a default Organizational Unit (OU) in which computer accounts for your WorkSpaces are created in your Active Directory. This OU can be part of the domain to which your users belong, or part of a domain that has a trust relationship with the domain to which your users belong, or part of a child domain in your directory. Please see our documentation for more details.
Unfortunately, won't work for your use case (having multiple OUs for different types of users), as Amazon Workspaces allows you to choose only one OU per directory.
Luckily, you can workaround this, by putting all the computers (workspaces) in the same OU and create different security groups for those computers (dev, prod, etc) and use the "Security filtering" feature of the GPOs to only apply the GPO to computers that belong to certain security group.
Hope this helps
相关内容
- AWS 官方已更新 2 年前