I have a group policy in User Configuration that runs a script at logon. The script looks for a registry key. If it finds the key the script ends. If the key is not present the script makes a bunch of security setting changes, creates the key, and reboots the computer. Our active directory looks something like this:
Main Company OU| |
| |
| ----Department 1 OU
| |
| |
| ----Department 2 OU
| |
| |
| ----Department 3 OU
| |
| |
| ----Department 4 OU
|
|
Servers OU
|
|
Domain Controllers OU
|
|
| . . .
I want to apply the GP at the Main Company OU and its child OUs but block it from everything else. Either that or find some completely different way to accomplish the same thing.
Any Ideas?