This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.
Course Of The Month
8 days, 23 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Exempt one machine certain rules from Windows 2003 group policy
Posted on 2006-10-23
Hi everyone,
I have setup a domain wide group policy. One of the rules, enables the screen saver and prompts for a password after resuming from the screen saver.
I wish to exclude one machine on the network from this rule, how can this be done?
If I set the local group policy, I am guessing that the Domain GP will take presedence?
Thanks for your help.
Kind Regards,
Ad
I have setup a domain wide group policy. One of the rules, enables the screen saver and prompts for a password after resuming from the screen saver.
I wish to exclude one machine on the network from this rule, how can this be done?
If I set the local group policy, I am guessing that the Domain GP will take presedence?
Thanks for your help.
Kind Regards,
Ad
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
6
3
10 Comments
Active 1 day ago
Have you set this for the user or computer. Either way you can put the machine in a different OU which has the policy blocked (unless you set no block which overrides that) or add the computer to the security of that GPO and give it Deny against Apply Group Policy.
Steve
Steve
Hi,
Thanks for your reply. I have set this rule for the user, rather than computer. I still require this machine to apply every other rule in the group policy, I just want this single machine to be exempt from that one rule, but still apply all the others.
Thanks again.
Ad
Thanks for your reply. I have set this rule for the user, rather than computer. I still require this machine to apply every other rule in the group policy, I just want this single machine to be exempt from that one rule, but still apply all the others.
Thanks again.
Ad
Active 1 day ago
You'll have to get into loopback processing to do that I believe -- you are applying policy to all users but one one machine not to get it. If this was excluding one machine from a machine policy or one user from a user policy would suggest splitting the particular settings of into a different GPO or assinging one reversing the settings on the user/machne's OU
I haven't used this much and don't have access at the moment to describe the process for you. Someone else will no doubt in a minute, otherwise will look again later.
Steve
I haven't used this much and don't have access at the moment to describe the process for you. Someone else will no doubt in a minute, otherwise will look again later.
Steve
Create 2 OU's in active directory
Place all the systems you want the policy applied to in one OU, and the the one you don't want the policy applied to in the other
Move the group policies to the appropriet OUs (you can have the same GP applied to both OUs and just have the screen saver GP applied to the one).
If you leave the GP at the domain level, it dosen't matter what OU you put the computer in, it will get the GP.
eb
Place all the systems you want the policy applied to in one OU, and the the one you don't want the policy applied to in the other
Move the group policies to the appropriet OUs (you can have the same GP applied to both OUs and just have the screen saver GP applied to the one).
If you leave the GP at the domain level, it dosen't matter what OU you put the computer in, it will get the GP.
eb
Active 1 day ago
My point here was he wanted it applied to users and to not apply to one machine. That has to involve loopback processing surely?
If you want it applied to users, then put the users in the OU and apply the GP to that. No need to mess with loopback
Active 1 day ago
But he wants it to NOT apply to just one, presuambly regardless of which user logs in...
Here goes:
http://support.microsoft.com/kb/231287
"1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option "
Here goes:
http://support.microsoft.com/kb/231287
"1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option "
Then if you apply the GP to an OU with computes in it, and yes you can set the GP in the user section, any user that logs into a computer in the OU with the GP will get the GP.
eb
eb
Active 1 day ago
So ...
Create a new policy which applies only to that computer, either by putting it in a different OU or using the apply policy with just that computer name listed. In this policy set it the reverse of the other settings (i.e. disabled in instead of enabled, not "not configured". Turn on loopback processing as above.
Now all users logging onto that box should get the user settings from the policy that applies to the computer
Create a new policy which applies only to that computer, either by putting it in a different OU or using the apply policy with just that computer name listed. In this policy set it the reverse of the other settings (i.e. disabled in instead of enabled, not "not configured". Turn on loopback processing as above.
Now all users logging onto that box should get the user settings from the policy that applies to the computer
Featured Post
The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 23 hours left to enroll
Earn Certification
Cisco CCNA Data Center: DCICT
$197.00$177.30
Earn Certification
Cisco CCNP Security: SIMOS
$197.00$177.30
615 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.