Stop GPO applying to a specific server

Posted on 2007-10-02
Last Modified: 2011-10-03
We have a SITE policy that calls a login script. (user settings)

how do i stop this logon script running on the a few of the servers that are in the site?

windows 2003 AD
Question by:mhamer
    LVL 30

    Accepted Solution

    Create a security group containing the computer accounts for the servers in question.  In the properties of the GPO, DENY the Apply Group Policy permission to this security group.
    LVL 12

    Expert Comment

    As you are looking for you could very well prevent the script from running on servers, but you want to make sure that the policy that you don't want to run on the servers isn't being used for anything that is supposed to be applied to the servers.  What you would need to do is create a security group and add the computer accounts of all the servers you do not want the script to run on to this group.  Once you have the group created, create a replica policy of the one that is used to run the script.  In the replica policy remove the setting for the script.  After you have done that, set the security on the policy that runs the script so that the security group you created earlier has the right of Deny set to Apply this Policy.  On the replica policy, add the security group you created earlier and set the right to Allow.  Make sure you remove the group for Authenticated Users from the replica policy.

    The easiest way to resolve your issue though is to simply modify the script so that it will not run on servers.


    Author Comment

    hi, Lauras answer was what i was looing for i remember doing it before but forgot.

    I do have a login script which ignores the server just wanted to recall the gpo method


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now