Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Avoid GPO being applied to administrator

Posted on 2009-04-02
6
Medium Priority
?
482 Views
Last Modified: 2012-06-21
I configured the Default GPO as we need it and it is working great. However, it is also being applied whenever I log on as the domain admin.

What must I configure to prevent the domain admin from having this policy applied?
0
Comment
Question by:bnrtech
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
craigothy earned 1000 total points
ID: 24050169
See the following link.  This should help you.
http://support.microsoft.com/kb/816100
0
 
LVL 21

Assisted Solution

by:JBlond
JBlond earned 1000 total points
ID: 24050194
Click on the policy, select the delegate-tab, click on Advanced in the lower right corner, add the Administrator-account and check the Deny-box so that the policy cannot be applied...


0
 

Author Comment

by:bnrtech
ID: 24054090
Craigothy - Thanks for this info. However, this GP is on our domain controller so it requires that we use the GP Management interface. Thru this interface I do not have the options noted in the kb article you provided. If there was a different article specific to the GP management interface that would be helpful

JBlond - I tried as you suggested. Unless I am missing something setting Deny on all options only made it so that the admin account could not interact with the GP management interface. What am I missing?

Thanks
0
 
LVL 9

Expert Comment

by:craigothy
ID: 24056252
You do not want to set the administrator account to "deny" on all options,
only click "deny" for:
"apply group policy"
This will still allow the administrator account to administer the policy, it just won't be applied to the administrator
0
 
LVL 21

Expert Comment

by:JBlond
ID: 24057623
@bnrtech

The KB-article describes how to set the value if the GP management console is not installed, but it descibes also to set only the "apply group policy" option to deny. As craigothy already said, don't set all options to deny, only the "apply group policy" option.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question