Group Policies

I have set group policies for all computers within my domain, on my domain controller in active directory.  I now want to take away group policies for one of the PCs.  What is the best way for me to eliminate group policies on a PC that is getting it from the server/domain controller?
Reason is that I set one of the group polices to hide the C: drive on all the PCs.  The problem is that one of our PCs, I have loaded software on it locally.  In order for those users to use the program(locally installed), they will need access to the C: drive.
I tried to share the C: drive(under current policies), tried to create a shortcut(didnt work), and so on.  I cannot load it on the Server, because it is a program that doesnt have the capabillities to map a drive to it.(I dont know why).

Any suggestions great wizards of the IT World?!?!

Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

jose_ramirezConnect With a Mentor Commented:
You just have to remove the PC account from the Organizational Unit you´ve added to, and remove User also...
And that´s it.. If you want to add all other policies only for this PC, you need to add it to another Organizational Unit and put restrictions to it...
Hope this helps!
col_forbin13Connect With a Mentor Commented:
Yeah, what we have done here is create OU's Called "C: drive access" that changes the hiding of the C: drive.  You may also just be able to give the users (write) access to the program directory and create a shortcut on the All Users desktop to the app.
lyle-grangerConnect With a Mentor Commented:
I would create a new OU (Organizational Unit) and move the computer that needs access to that OU.  This will remove any group policies associated with that computer.  If you need any other policies attached you will have to re-add them.  

I do not recommend linking policies as it can be hard to manage or track.  

I would also recommend creating OU's for each department, this will allow you to apply policies with different levels of access and make it easier to manage AD.

If you have any other questions please post.

Good luck & I hope this helps.

Never miss a deadline with

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

A quick fix may be to go to the security tab in the policy that you want to remove from a particular PC.
Add that PC and click Deny. That machine then will not get that policy.

This can be used where you have applied policy to 'domain computers' and need to remove one in particular.

Beware, Deny permissions can be dangerous if used too much, as they will take precedence over all else.

Good luck

Move the computer to a new ou, that is not affected by the GPO.  

BeldoranConnect With a Mentor Commented:
If cjjimbos has a 'simple' domain sturcture, eg computers in the computers container and group policy at the root, then moving to a new ou will not help. In an ideal world I would also (like many other above) recomend restructuring the domain structure to allow what you wish, but often this is beyond your ability to do (either due to lack of knowledge or lack of 'political'/'IT' power - eg THEY won't let you)

If the latter is the case, then Deny is one option and removing the machine from the domain is the only other option.


All Courses

From novice to tech pro — start learning today.