Avoid GPO being applied to administrator

I configured the Default GPO as we need it and it is working great. However, it is also being applied whenever I log on as the domain admin.

What must I configure to prevent the domain admin from having this policy applied?
bnrtechAsked:
Who is Participating?
 
craigothyConnect With a Mentor Commented:
See the following link.  This should help you.
http://support.microsoft.com/kb/816100
0
 
JBlondConnect With a Mentor Commented:
Click on the policy, select the delegate-tab, click on Advanced in the lower right corner, add the Administrator-account and check the Deny-box so that the policy cannot be applied...


0
 
bnrtechAuthor Commented:
Craigothy - Thanks for this info. However, this GP is on our domain controller so it requires that we use the GP Management interface. Thru this interface I do not have the options noted in the kb article you provided. If there was a different article specific to the GP management interface that would be helpful

JBlond - I tried as you suggested. Unless I am missing something setting Deny on all options only made it so that the admin account could not interact with the GP management interface. What am I missing?

Thanks
0
 
craigothyCommented:
You do not want to set the administrator account to "deny" on all options,
only click "deny" for:
"apply group policy"
This will still allow the administrator account to administer the policy, it just won't be applied to the administrator
0
 
JBlondCommented:
@bnrtech

The KB-article describes how to set the value if the GP management console is not installed, but it descibes also to set only the "apply group policy" option to deny. As craigothy already said, don't set all options to deny, only the "apply group policy" option.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.