?
Solved

Group Policy deny or exclude

Posted on 2007-03-26
5
Medium Priority
?
2,893 Views
Last Modified: 2008-02-01
I have a GPO setup which has close to 100 settings for User node.  I want to apply the same gpo, but minus 2 settings.  What is the most efficient way of doing so.... another GPO with security filtering, or create another OU with the 2 settings exluded... or other ideas are welcome.
0
Comment
Question by:rtmcmullen
5 Comments
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 200 total points
ID: 18797472
Unfortunately you can't deny the application of GPOs at the per-setting level (though if wishing could make it so...), you can only do so for an entire Group Policy Object.

To do what you're describing, you'll need to copy the existing GPO to a new GPO, make the changes you want to the new GPO and then maintain the two separate GPOs separately.  :-(

(I wish I had better news for you.)

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18797540
agree with above...you are going to get to look after an additional one :) its not so bad with GPMC though.....
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 18801050
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 300 total points
ID: 18801053
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 

Author Comment

by:rtmcmullen
ID: 18841050
Thanks to both LauraEHunterMVP & xuserx2000 for your creative approach.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question