stvbrx
asked on
WMI filter to block policy based upon server name
How do I use a WMI filter to block a policy from being applied to a particular server based upon server name?
It's a lot easier to create a Security Group, add the server to it then add the Security Group to the ACL of the GPO with a Deny - Apply Group Policy entry.
yup this is rite , i have done this same setup in one of my clients. and it works like charm
Cheers:)
Kamal
Cheers:)
Kamal
ASKER
Yes, I know I can do it with a sec. group, but I was trying to use the wmi filter.
(I'm trying to learn how to us this feature.)
Is it possible at all?
(I'm trying to learn how to us this feature.)
Is it possible at all?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks Netman66!
ASKER
I applied the policy as described with the server having deny permissions in the properties, but when I rdp to the server, it still shows up before the windows login screen!
The legal banner statements do not exist in the registry of the server.
Why is this happening?
The legal banner statements do not exist in the registry of the server.
Why is this happening?
Explain to me, in detail where the GPO is, whether computer or user configurations are being set and how you setup the security on the policy.
The legal caption is a computer setting - are you sure you're setting ACE's on the correct policy?
The legal caption is a computer setting - are you sure you're setting ACE's on the correct policy?
ASKER
GPO is applied at the top level of the domain. (just below Default policy).
Settings are computer based.
Security settings:
Auth Users Read/apply
Security group I created: Deny Read/Deny Apply
And all other default sec. settings
What does ACE stand for?
Settings are computer based.
Security settings:
Auth Users Read/apply
Security group I created: Deny Read/Deny Apply
And all other default sec. settings
What does ACE stand for?
ACE=Access Control Entry.
Okay, this setting is registry-based. You'll have to create a new policy with only the new security group on it then leave everything blank - it should reverse the setting from the other policy.
Okay, this setting is registry-based. You'll have to create a new policy with only the new security group on it then leave everything blank - it should reverse the setting from the other policy.