Consider the following scenario in a domain environment:

  • You have a computer that is running Windows Server 2008 R2, Windows 7, Windows Server 2008 or Windows Vista.
  • You use the Group Policy Management Console snap-in (Gpmc.msc) to connect to a domain controller from another domain.
  • You create a Group Policy object (GPO). Then, you enable and configure the Item-level targeting option of the Group Policy preference setting for this GPO in the Gpmc.msc snap-in.
  • In the Targeting Editor dialog box, you click New Item to select Computer Name or Security Group as the new item-level targeting item.
  • You click the ellipsis button (…) to open an item-level targeting object picker dialog box.

In this scenario, the object picker dialog box shows an incomplete enterprise structure. The object picker dialog box only shows the domain in which the Gpmc.msc is started. The object picker dialog box does not show the domain in which you configure the Group Policy object. Because of this issue, users can only select objects in the same domain as the computer.

Leave a Reply