Linking a Group Policy Object to an organizational unit

You can link a Group Policy Object to an organizational unit, domain, or site using the Group Policy Management Console. To set group policies for a selected Active Directory site, domain, or organizational unit, you must have read and write permission to access the system volume of the domain controller and the right to modify the selected directory object.

If you have created an organizational structure for Centrify as described in the Planning and Deployment Guide, the most natural place to link a Group Policy Object is the top-level container of that organizational unit structure, for example, the Centrify container.

To create and link a Group Policy Object for Centrify settings:

  1. Click Start > Administrative Tools > Group Policy Management.
  2. Select the Centrify organizational unit, right-click, then select Create a GPO in this domain, and Link it here.
  3. Type a name for the new Group Policy Object, for example, Centrify Policy, then click OK.

If you want to apply group policies to lower levels in the organizational structure, you can do so by linking Group Policy Objects to lower level organizational units. For example, if you created a separate organizational unit for zone computers, you can link a Group Policy Object to that organizational unit. However, you cannot link Group Policy Objects to containers (CN).