Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy deny or exclude

Posted on 2007-03-26
5
Medium Priority
?
2,890 Views
Last Modified: 2008-02-01
I have a GPO setup which has close to 100 settings for User node.  I want to apply the same gpo, but minus 2 settings.  What is the most efficient way of doing so.... another GPO with security filtering, or create another OU with the 2 settings exluded... or other ideas are welcome.
0
Comment
Question by:rtmcmullen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 200 total points
ID: 18797472
Unfortunately you can't deny the application of GPOs at the per-setting level (though if wishing could make it so...), you can only do so for an entire Group Policy Object.

To do what you're describing, you'll need to copy the existing GPO to a new GPO, make the changes you want to the new GPO and then maintain the two separate GPOs separately.  :-(

(I wish I had better news for you.)

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18797540
agree with above...you are going to get to look after an additional one :) its not so bad with GPMC though.....
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 18801050
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 300 total points
ID: 18801053
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 

Author Comment

by:rtmcmullen
ID: 18841050
Thanks to both LauraEHunterMVP & xuserx2000 for your creative approach.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question