Solved

Make an exemption to a single user with GPO?

Posted on 2005-04-13
Last Modified: 2010-04-18
I have several users in their own OU with a GPO applied.

For 1 user, I would like to make it so that the last logon name will not show on the screen when they log off.

How can I modify or alter the GPO to allow this? Do I need to make another one?

Thanks.
Question by:ScottCL
6 Comments
 
LVL 9

Expert Comment

by:joedoe58
ID: 13776837
Make a new OU and set a policy to that OU that does what you want. Even if it is one user today, you do not know if there will be more users tomorrow.
 
LVL 4

Expert Comment

by:tmack
ID: 13778149
The best way to do this is not to "apply" the GPO setting in the GPO management tool; go to the advanced settings to do this. So just add that user directly and remove that attribute, and maybe even "deny" the "apply", and it will keep it from applying to their account. Joe is correct too, to make a new OU, but depending on your organization that might not be a viable option.

T
 
LVL 9

Expert Comment

by:joedoe58
ID: 13779980
It is always a good thing to be consistent when working with GPOs. If you make exceptions from a rule then you will soon find yourself in a mess, since you do not know why a user has a problem. Therefore I recommend that you follow the same procedure to make exceptions as when you apply a rule; that way you have a consistent structure and it is much easier in the long run to make changes. As a rule of thumb you should try to never use deny in a GPO if it is possible to accomplish it in another way. I am saying this from experience, and I am sure that there are those that do not agree with me, but still this is my opinion.
 

Author Comment

by:ScottCL
ID: 13781226
So Joe, you would say to simply make an OU named something like "Logon Name Removed" or something, back up the current GPO, restore it to a new one in the new OU, make that single change to it, and move the user into it?
 
LVL 9

Expert Comment

by:joedoe58
ID: 13781360
Sounds fine to me :-)
 
LVL 4

Accepted Solution

by:tmack (earned 750 total points)
ID: 13781488
Certainly this is not ideal, but I was just offering an option. With the new GPO management utility it’s very easy to troubleshoot GPO issues, as you can just see what GPOs are applied to specific objects. The deny was just another option; I would not personally select that, I would just not have the GPO applied to that individual.

My mistake in my first suggestion was that you want this to "apply" to only that user. So I would just create a GPO that has this option turned on and apply it only to them. That’s the best way to go.

Personally, I don’t make it a common practice to arbitrarily create OUs to suit a GPO schema, as it can easily clutter up your AD infrastructure; this is why I would avoid it.

If down the road you have more users that need this GPO applied, then simply add them to the list of users the GPO is applied to. Thus you can still maintain your OU structure.


T
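
The security-filtering approach from the accepted answer, as an added example that is not part of the original thread. It assumes the GroupPolicy PowerShell module (GPMC/RSAT) is installed; the GPO name, OU path and account name are hypothetical placeholders.

```powershell
# Added example: scope a separate GPO to one account with security filtering
# instead of creating a new OU. All names below are hypothetical placeholders.
Import-Module GroupPolicy

$GpoName    = 'Hide Last Logon Name'        # hypothetical GPO name
$OuDn       = 'OU=Staff,DC=example,DC=com'  # hypothetical OU the GPO is linked to
$TargetName = 'jsmith'                      # hypothetical account that should get the GPO
$TargetType = 'User'                        # 'User', 'Computer' or 'Group'

# Note: filtering on a user account only affects User Configuration settings.
# "Interactive logon: Do not display last user name" is a Computer Configuration
# security option, so for that setting the filter target is the computer account.

# Create the GPO only if it does not exist yet, so the script can be re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Exception GPO scoped by security filtering'
}

# A new GPO applies to Authenticated Users by default. Downgrade that entry to
# Read only: removing it entirely stops the GPO from being processed on systems
# patched with MS16-072, because the computer must be able to read the GPO.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Grant Read + Apply to the single account. No Deny entry is needed.
Set-GPPermission -Name $GpoName -TargetName $TargetName `
    -TargetType $TargetType -PermissionLevel GpoApply | Out-Null

# Link the GPO to the existing OU; the OU structure stays unchanged.
New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes | Out-Null

# Review the resulting delegation: only the target should hold GpoApply.
Get-GPPermission -Name $GpoName -All |
    Select-Object Trustee, Permission, Denied |
    Format-Table -AutoSize
```

The policy setting itself is still configured in the GPO editor; the script only handles scoping and linking.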