# Setting up / securing an OU with group policy (for disabled users)



## mfw (Jun 11, 2012)

Hello. This is my first post here. 



I am having trouble figuring out how to configure a group policy to restrict all access to users I place into my "Disabled Users" OU. I have not really worked with Group Policy before, but I am very familiar with AD, and I know how to open and browse group policy management.

What I have so far:

I have created the Disabled Users OU
I have created / linked a disabled users GPO to this OU
I have added "Everyone" group to the security filtering

I am not sure what to do from here. Again, I want to configure this Disabled Users OU with basically no access to anything as I want to place my disabled users in there for about 60 days before deleting them.

Thanks in advance!


----------



## Wand3r3r (Sep 17, 2010)

lot of work for disabled accounts.

I just run a report using DumpSec which is a free download to show all disabled accounts.

Since the accounts are disabled I don't see the point in a group policy or how it could be effective. More likely you would need to write a VB script that moves a disabled user to the OU.


----------



## Velan-Support (May 8, 2012)

Hi Mfw,
while setting group policy you can make the possible restriction. As you said you created OU for disabled user. Just add all the disabled user on that OU. You can edit the group policy on the OU users. Run the gpupdate on cmd prompt.
After 60 days you can delete them as well. It you want to delete automatically after 60 days then we need to write the VB script as Wand3r3r said earlier.


----------



## mfw (Jun 11, 2012)

Yea I just wasnt sure how to edit the gp to do that to the OU. Its ok though, I realized after Wand3r3r said it that they are already disabled so it shouldnt matter. Really I am just using it as a bookmark to come back to that OU to delete the 60 day old ppl.

Thanks guys!


----------

