Group Policies

Posted on 2004-10-25
Last Modified: 2010-04-10
I have set group policies for all computers within my domain, on my domain controller in active directory.  I now want to take away group policies for one of the PCs.  What is the best way for me to eliminate group policies on a PC that is getting it from the server/domain controller?
Reason is that I set one of the group polices to hide the C: drive on all the PCs.  The problem is that one of our PCs, I have loaded software on it locally.  In order for those users to use the program(locally installed), they will need access to the C: drive.
I tried to share the C: drive(under current policies), tried to create a shortcut(didnt work), and so on.  I cannot load it on the Server, because it is a program that doesnt have the capabillities to map a drive to it.(I dont know why).

Any suggestions great wizards of the IT World?!?!

Question by:cjjimbos
    LVL 2

    Accepted Solution

    You just have to remove the PC account from the Organizational Unit you´ve added to, and remove User also...
    And that´s it.. If you want to add all other policies only for this PC, you need to add it to another Organizational Unit and put restrictions to it...
    Hope this helps!
    LVL 2

    Assisted Solution

    Yeah, what we have done here is create OU's Called "C: drive access" that changes the hiding of the C: drive.  You may also just be able to give the users (write) access to the program directory and create a shortcut on the All Users desktop to the app.
    LVL 2

    Assisted Solution

    I would create a new OU (Organizational Unit) and move the computer that needs access to that OU.  This will remove any group policies associated with that computer.  If you need any other policies attached you will have to re-add them.  

    I do not recommend linking policies as it can be hard to manage or track.  

    I would also recommend creating OU's for each department, this will allow you to apply policies with different levels of access and make it easier to manage AD.

    If you have any other questions please post.

    Good luck & I hope this helps.

    LVL 4

    Expert Comment

    A quick fix may be to go to the security tab in the policy that you want to remove from a particular PC.
    Add that PC and click Deny. That machine then will not get that policy.

    This can be used where you have applied policy to 'domain computers' and need to remove one in particular.

    Beware, Deny permissions can be dangerous if used too much, as they will take precedence over all else.

    Good luck
    LVL 7

    Expert Comment


    Move the computer to a new ou, that is not affected by the GPO.  

    LVL 4

    Assisted Solution

    If cjjimbos has a 'simple' domain sturcture, eg computers in the computers container and group policy at the root, then moving to a new ou will not help. In an ideal world I would also (like many other above) recomend restructuring the domain structure to allow what you wish, but often this is beyond your ability to do (either due to lack of knowledge or lack of 'political'/'IT' power - eg THEY won't let you)

    If the latter is the case, then Deny is one option and removing the machine from the domain is the only other option.



    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Let’s list some of the technologies that enable smooth teleworking. 
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now