Solved

Group Policy deny or exclude

Posted on 2007-03-26
5
2,878 Views
Last Modified: 2008-02-01
I have a GPO setup which has close to 100 settings for User node.  I want to apply the same gpo, but minus 2 settings.  What is the most efficient way of doing so.... another GPO with security filtering, or create another OU with the 2 settings exluded... or other ideas are welcome.
0
Comment
Question by:rtmcmullen
5 Comments
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 50 total points
ID: 18797472
Unfortunately you can't deny the application of GPOs at the per-setting level (though if wishing could make it so...), you can only do so for an entire Group Policy Object.

To do what you're describing, you'll need to copy the existing GPO to a new GPO, make the changes you want to the new GPO and then maintain the two separate GPOs separately.  :-(

(I wish I had better news for you.)

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18797540
agree with above...you are going to get to look after an additional one :) its not so bad with GPMC though.....
0
 
LVL 25

Expert Comment

by:Ron M
ID: 18801050
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 
LVL 25

Accepted Solution

by:
Ron M earned 75 total points
ID: 18801053
Create two seperate GPO's applied to the same OU.  Use security filtering to allow/deny the the gpo with the two settings...to whatever user/group you like.

Or you can create a seperate OU, underneath the other, and block inheritance.

Group policy is very granular...several ways to do the same thing.
0
 

Author Comment

by:rtmcmullen
ID: 18841050
Thanks to both LauraEHunterMVP & xuserx2000 for your creative approach.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now