Solved

Group Policy deny or exclude

Posted on 2007-03-26
5
2,881 Views
Last Modified: 2008-02-01
I have a GPO setup which has close to 100 settings for User node.  I want to apply the same gpo, but minus 2 settings.  What is the most efficient way of doing so.... another GPO with security filtering, or create another OU with the 2 settings exluded... or other ideas are welcome.
0
Comment
Question by:rtmcmullen
5 Comments
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 50 total points
ID: 18797472
Unfortunately you can't deny the application of GPOs at the per-setting level (though if wishing could make it so...), you can only do so for an entire Group Policy Object.

To do what you're describing, you'll need to copy the existing GPO to a new GPO, make the changes you want to the new GPO and then maintain the two separate GPOs separately.  :-(

(I wish I had better news for you.)

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18797540
agree with above...you are going to get to look after an additional one :) its not so bad with GPMC though.....
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 18801050
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 75 total points
ID: 18801053
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 

Author Comment

by:rtmcmullen
ID: 18841050
Thanks to both LauraEHunterMVP & xuserx2000 for your creative approach.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question