?
Solved

Avoid GPO being applied to administrator

Posted on 2009-04-02
6
Medium Priority
?
469 Views
Last Modified: 2012-06-21
I configured the Default GPO as we need it and it is working great. However, it is also being applied whenever I log on as the domain admin.

What must I configure to prevent the domain admin from having this policy applied?
0
Comment
Question by:bnrtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 9

Accepted Solution

by:
craigothy earned 1000 total points
ID: 24050169
See the following link.  This should help you.
http://support.microsoft.com/kb/816100
0
 
LVL 21

Assisted Solution

by:JBlond
JBlond earned 1000 total points
ID: 24050194
Click on the policy, select the delegate-tab, click on Advanced in the lower right corner, add the Administrator-account and check the Deny-box so that the policy cannot be applied...


0
 

Author Comment

by:bnrtech
ID: 24054090
Craigothy - Thanks for this info. However, this GP is on our domain controller so it requires that we use the GP Management interface. Thru this interface I do not have the options noted in the kb article you provided. If there was a different article specific to the GP management interface that would be helpful

JBlond - I tried as you suggested. Unless I am missing something setting Deny on all options only made it so that the admin account could not interact with the GP management interface. What am I missing?

Thanks
0
 
LVL 9

Expert Comment

by:craigothy
ID: 24056252
You do not want to set the administrator account to "deny" on all options,
only click "deny" for:
"apply group policy"
This will still allow the administrator account to administer the policy, it just won't be applied to the administrator
0
 
LVL 21

Expert Comment

by:JBlond
ID: 24057623
@bnrtech

The KB-article describes how to set the value if the GP management console is not installed, but it descibes also to set only the "apply group policy" option to deny. As craigothy already said, don't set all options to deny, only the "apply group policy" option.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question