Denying GPO to AD group
Posted on 2009-04-04
We are running Windows 2003 AD.
I have a GPO that will cause some restrictions on users logging onto computers within a certain OU.
I would like it that anyone in the AD group, Group1, did not have these settings applied.
Is it possible to deny the GPO to this group and how?
Also - say I had a setting that prevented from users from shutting down the server, would this apply to anyone logging onto the server, even those in the Adminstrators (local) group?