Solved

Avoid GPO being applied to administrator

Posted on 2009-04-02
Last Modified: 2012-06-21
I configured the Default GPO as we need it and it is working great. However, it is also being applied whenever I log on as the domain admin.

What must I configure to prevent the domain admin from having this policy applied?
Question by:bnrtech
Accepted Solution

by:
craigothy earned 250 total points
ID: 24050169
See the following link.  This should help you.
http://support.microsoft.com/kb/816100

Assisted Solution

by:JBlond
JBlond earned 250 total points
ID: 24050194
Click on the policy, select the delegate-tab, click on Advanced in the lower right corner, add the Administrator-account and check the Deny-box so that the policy cannot be applied...



Author Comment

by:bnrtech
ID: 24054090
Craigothy - Thanks for this info. However, this GP is on our domain controller so it requires that we use the GP Management interface. Through this interface I do not have the options noted in the KB article you provided. If there was a different article specific to the GP management interface that would be helpful.

JBlond - I tried as you suggested. Unless I am missing something, setting Deny on all options only made it so that the admin account could not interact with the GP management interface. What am I missing?

Thanks

Expert Comment

by:craigothy
ID: 24056252
You do not want to set the administrator account to "deny" on all options; only click "deny" for "apply group policy".
This will still allow the administrator account to administer the policy; it just won't be applied to the administrator.

Expert Comment

by:JBlond
ID: 24057623
@bnrtech

The KB article describes how to set the value if the GP management console is not installed, but it also describes setting only the "apply group policy" option to deny. As craigothy already said, don't set all options to deny, only the "apply group policy" option.
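The fix the answers converge on (Deny only on "apply group policy", not on every permission), as an added PowerShell example that is not part of the original thread: it audits one account's Deny ACEs on a GPO and flags any that go beyond the Apply Group Policy right. The GPO name and account are placeholders, and it assumes the ActiveDirectory and GroupPolicy modules (RSAT) are installed.

```powershell
# Added example, not from the thread. $GpoName and $Principal are placeholders.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl
Import-Module GroupPolicy       # provides Get-GPO

$GpoName   = 'Example Policy'           # placeholder GPO display name
$Principal = 'EXAMPLE\Administrator'    # placeholder account to exempt
$AddDeny   = $false                     # set to $true to add the narrow Deny ACE

# rightsGuid of the "Apply Group Policy" extended right in the AD schema
$ApplyGpo = [Guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

$gpo  = Get-GPO -Name $GpoName
$path = "AD:\$($gpo.Path)"              # DN of the groupPolicyContainer object
$acl  = Get-Acl -Path $path

# Collect every Deny ACE that names the account.
$deny = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $Principal
})

# An ACE is "narrow" when it denies only the Apply Group Policy extended right.
$isNarrow = { param($ace)
    $ace.ActiveDirectoryRights -eq 'ExtendedRight' -and $ace.ObjectType -eq $ApplyGpo }

foreach ($ace in $deny) {
    $verdict = 'TOO BROAD: denies more than Apply Group Policy'
    if (& $isNarrow $ace) { $verdict = 'OK: denies Apply Group Policy only' }
    [pscustomobject]@{
        Identity = $ace.IdentityReference.Value
        Rights   = $ace.ActiveDirectoryRights
        Verdict  = $verdict
    }
}

# Optionally add the single Deny ACE the answers recommend.
$hasNarrow = [bool]($deny | Where-Object { & $isNarrow $_ })
if ($AddDeny -and -not $hasNarrow) {
    $sid  = (New-Object System.Security.Principal.NTAccount $Principal).Translate(
                [System.Security.Principal.SecurityIdentifier])
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
                $sid,
                [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
                [System.Security.AccessControl.AccessControlType]::Deny,
                $ApplyGpo)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}
```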
