Solved

Exempt one machine certain rules from Windows 2003 group policy

Posted on 2006-10-23
10
1,284 Views
Last Modified: 2012-06-27
Hi everyone,

I have setup a domain wide group policy. One of the rules, enables the screen saver and prompts for a password after resuming from the screen saver.

I wish to exclude one machine on the network from this rule, how can this be done?

If I set the local group policy, I am guessing that the Domain GP will take presedence?

Thanks for your help.

Kind Regards,
Ad
0
Comment
Question by:expert-ad
  • 6
  • 3
10 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17787172
Have you set this for the user or computer.  Either way you can put the machine in a different OU which has the policy blocked (unless you set no block which overrides that) or add the computer to the security of that GPO and give it Deny against Apply Group Policy.

Steve
0
 

Author Comment

by:expert-ad
ID: 17787202
Hi,

Thanks for your reply. I have set this rule for the user, rather than computer. I still require this machine to apply every other rule in the group policy, I just want this single machine to be exempt from that one rule, but still apply all the others.

Thanks again.

Ad
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17787221
You'll have to get into loopback processing to do that I believe -- you are applying policy to all users but one one machine not to get it.  If this was excluding one machine from a machine policy or one user from a user policy would suggest splitting the particular settings of into a different GPO or assinging one reversing the settings on the user/machne's OU

I haven't used this much and don't have access at the moment to describe the process for you.  Someone else will no doubt in a minute, otherwise will look again later.

Steve
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17787331
Create 2 OU's in active directory
Place all the systems you want the policy applied to in one OU, and the the one you don't want the policy applied to in the other

Move the group policies to the appropriet OUs (you can have the same GP applied to both OUs and just have the screen saver GP applied to the one).

If you leave the GP at the domain level, it dosen't matter what OU you put the computer in, it will get the GP.

eb
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17787450
My point here was he wanted it applied to users and to not apply to one machine.  That has to involve loopback processing surely?
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17787482
If you want it applied to users, then put the users in the OU and apply the GP to that.  No need to mess with loopback
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17787493
But he wants it to NOT apply to just one, presuambly regardless of which user logs in...

Here goes:
http://support.microsoft.com/kb/231287

"1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option "
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17787508
Then if you apply the GP to an OU with computes in it, and yes you can set the GP in the user section, any user that logs into a computer in the OU with the GP will get the GP.

eb
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 125 total points
ID: 17787538
So ...

Create a new policy which applies only to that computer, either by putting it in a different OU or using the apply policy with just that computer name listed.  In this policy set it the reverse of the other settings (i.e. disabled in instead of enabled, not "not configured".  Turn on loopback processing as above.

Now all users logging onto that box should get the user settings from the policy that applies to the computer

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18323230
Thanks for the answer.  Why the B grade?
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Join & Write a Comment

Article by: IanTh
Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
Let’s list some of the technologies that enable smooth teleworking. 
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now