Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Avoid GPO being applied to administrator

Posted on 2009-04-02
6
Medium Priority
?
478 Views
Last Modified: 2012-06-21
I configured the Default GPO as we need it and it is working great. However, it is also being applied whenever I log on as the domain admin.

What must I configure to prevent the domain admin from having this policy applied?
0
Comment
Question by:bnrtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 9

Accepted Solution

by:
craigothy earned 1000 total points
ID: 24050169
See the following link.  This should help you.
http://support.microsoft.com/kb/816100
0
 
LVL 21

Assisted Solution

by:JBlond
JBlond earned 1000 total points
ID: 24050194
Click on the policy, select the delegate-tab, click on Advanced in the lower right corner, add the Administrator-account and check the Deny-box so that the policy cannot be applied...


0
 

Author Comment

by:bnrtech
ID: 24054090
Craigothy - Thanks for this info. However, this GP is on our domain controller so it requires that we use the GP Management interface. Thru this interface I do not have the options noted in the kb article you provided. If there was a different article specific to the GP management interface that would be helpful

JBlond - I tried as you suggested. Unless I am missing something setting Deny on all options only made it so that the admin account could not interact with the GP management interface. What am I missing?

Thanks
0
 
LVL 9

Expert Comment

by:craigothy
ID: 24056252
You do not want to set the administrator account to "deny" on all options,
only click "deny" for:
"apply group policy"
This will still allow the administrator account to administer the policy, it just won't be applied to the administrator
0
 
LVL 21

Expert Comment

by:JBlond
ID: 24057623
@bnrtech

The KB-article describes how to set the value if the GP management console is not installed, but it descibes also to set only the "apply group policy" option to deny. As craigothy already said, don't set all options to deny, only the "apply group policy" option.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question