[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Group Policies

Posted on 2004-10-25
6
Medium Priority
?
295 Views
Last Modified: 2010-04-10
I have set group policies for all computers within my domain, on my domain controller in active directory.  I now want to take away group policies for one of the PCs.  What is the best way for me to eliminate group policies on a PC that is getting it from the server/domain controller?
Reason is that I set one of the group polices to hide the C: drive on all the PCs.  The problem is that one of our PCs, I have loaded software on it locally.  In order for those users to use the program(locally installed), they will need access to the C: drive.
I tried to share the C: drive(under current policies), tried to create a shortcut(didnt work), and so on.  I cannot load it on the Server, because it is a program that doesnt have the capabillities to map a drive to it.(I dont know why).

Any suggestions great wizards of the IT World?!?!

0
Comment
Question by:cjjimbos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Accepted Solution

by:
jose_ramirez earned 400 total points
ID: 12404567
You just have to remove the PC account from the Organizational Unit you´ve added to, and remove User also...
And that´s it.. If you want to add all other policies only for this PC, you need to add it to another Organizational Unit and put restrictions to it...
Hope this helps!
Jose
0
 
LVL 2

Assisted Solution

by:col_forbin13
col_forbin13 earned 400 total points
ID: 12405046
Yeah, what we have done here is create OU's Called "C: drive access" that changes the hiding of the C: drive.  You may also just be able to give the users (write) access to the program directory and create a shortcut on the All Users desktop to the app.
0
 
LVL 2

Assisted Solution

by:lyle-granger
lyle-granger earned 400 total points
ID: 12405336
I would create a new OU (Organizational Unit) and move the computer that needs access to that OU.  This will remove any group policies associated with that computer.  If you need any other policies attached you will have to re-add them.  

I do not recommend linking policies as it can be hard to manage or track.  

I would also recommend creating OU's for each department, this will allow you to apply policies with different levels of access and make it easier to manage AD.

If you have any other questions please post.

Good luck & I hope this helps.

Lyle
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 4

Expert Comment

by:Beldoran
ID: 12408258
A quick fix may be to go to the security tab in the policy that you want to remove from a particular PC.
Add that PC and click Deny. That machine then will not get that policy.

This can be used where you have applied policy to 'domain computers' and need to remove one in particular.

Beware, Deny permissions can be dangerous if used too much, as they will take precedence over all else.

Good luck
0
 
LVL 7

Expert Comment

by:tonyteri
ID: 12412029
Simple:

Move the computer to a new ou, that is not affected by the GPO.  

0
 
LVL 4

Assisted Solution

by:Beldoran
Beldoran earned 800 total points
ID: 12416872
If cjjimbos has a 'simple' domain sturcture, eg computers in the computers container and group policy at the root, then moving to a new ou will not help. In an ideal world I would also (like many other above) recomend restructuring the domain structure to allow what you wish, but often this is beyond your ability to do (either due to lack of knowledge or lack of 'political'/'IT' power - eg THEY won't let you)

If the latter is the case, then Deny is one option and removing the machine from the domain is the only other option.

Bel

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question