Matrix1000
asked on
Allow 1 User Exempt from a GPO - How?
I have a GPO at the top/corporation OU that sets users homepage to the company's Intranet page.
There is one guy who refuses to have that as his homepage.
Is there a way to allow one person to bypass that GPO policy and allow them to set their own homepage?
I was thinking of making another OU inside his current department OU and creating a policy for it but I'm not sure how to bypass the GPO settings for him.
Thanks for any info
There is one guy who refuses to have that as his homepage.
Is there a way to allow one person to bypass that GPO policy and allow them to set their own homepage?
I was thinking of making another OU inside his current department OU and creating a policy for it but I'm not sure how to bypass the GPO settings for him.
Thanks for any info
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
maybe this will help http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
or here is a similar question, see the end part regarding limiting a policy to only certain people
https://www.experts-exchange.com/questions/21043791/Using-Policy-Editor-to-disable-AIM-MSN-and-YIM.html
https://www.experts-exchange.com/questions/21043791/Using-Policy-Editor-to-disable-AIM-MSN-and-YIM.html
ASKER
Hmm,,I understand but cant seem to figure this part out.....
...."then go to the group policy windows(not the policy itself) and select properties"......., go to security and add the group in, then tick the "apply group policy" deny, and you all done.
I did the following....created a new group called 'homepage bypass' in the 'companyname' OU (which is the root OU where the GPO is which controls the homepage. Then I added the user to the group.
Then I went to the root OU and clicked properties>Group Policy> 'Then clicked the OPEN' button.......I have the GP Management snapin installed...then when I go to the 'companyname' OU and right click on the GPO there it doesnt give me a 'properties' selection in the menu. In' the right hand side of the Group Policy Management window It does show a "Security Filtering' portion but this only allows you to add and remove groups/users.
I'm probably misunderstanding something :P
...."then go to the group policy windows(not the policy itself) and select properties"......., go to security and add the group in, then tick the "apply group policy" deny, and you all done.
I did the following....created a new group called 'homepage bypass' in the 'companyname' OU (which is the root OU where the GPO is which controls the homepage. Then I added the user to the group.
Then I went to the root OU and clicked properties>Group Policy> 'Then clicked the OPEN' button.......I have the GP Management snapin installed...then when I go to the 'companyname' OU and right click on the GPO there it doesnt give me a 'properties' selection in the menu. In' the right hand side of the Group Policy Management window It does show a "Security Filtering' portion but this only allows you to add and remove groups/users.
I'm probably misunderstanding something :P
gimme a few mins this is for win 2k not 2k3
maybe this will help
Explicit Deny
Within Group Policy Objects, select the target GPO.
Select the Delegation tab.
Click on the Add button, Click the Add button, enter the first few characters of the group, click Check Names, select the correct group and click OK twice.
Select the group you just added and click Advanced...
In the Security Settings windows, highlight the group.
In the Permissions pane, check the Deny box for Apply Group Policy permission. Repeat process for additional groups.
Now, only users or computers who are not members of the groups you added will be affected by the GPO.
this will explain the whole thing
http://calnetad.berkeley.edu/documentation/technical/gpmc/
hope it helps, sorry I never realised before it was 2003
Explicit Deny
Within Group Policy Objects, select the target GPO.
Select the Delegation tab.
Click on the Add button, Click the Add button, enter the first few characters of the group, click Check Names, select the correct group and click OK twice.
Select the group you just added and click Advanced...
In the Security Settings windows, highlight the group.
In the Permissions pane, check the Deny box for Apply Group Policy permission. Repeat process for additional groups.
Now, only users or computers who are not members of the groups you added will be affected by the GPO.
this will explain the whole thing
http://calnetad.berkeley.edu/documentation/technical/gpmc/
hope it helps, sorry I never realised before it was 2003
ASKER
KEWL that did it THANKS!!!!!!
no prob, glad its sorted