Solved

How to exclude AD object computer from GPO, DC Windows 2003 server standard edit

Posted on 2009-04-09
3
781 Views
Last Modified: 2012-05-06
I want to exlude AD object computer from a new created GPO. I have created OU "Policy Exceptions" and moved selected computer there, but I do know how to exclude that OU from the policy. I know that I can do it using WMI filter, not sure about the syntax.
0
Comment
Question by:itconsultant1
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 200 total points
ID: 24109950

A Group Policy will apply to the container ('parent' container) where it is joined, and all the child containers of that container. For example, if you link a GPO to the root of the domain, it will apply to all appropriate objects in the domain.

To exempt a particular OU from one particular policy, you will need to shuffle your OU structure and link the GPO to an OU lower down the structure, where it will not be inherited by the Policy Exceptions OU.

If you simply want the Policy Exceptions OU to be exempt from all GPOs defined in the parent containers, open Group Policy Management and block inheritance on that OU. This will mean only policies linked explicitly to the Policy Exceptions OU will be applied to objects within that OU.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 300 total points
ID: 24110001
What you could also do is make all those computers a member of a group.  Call it "Deny Policy" for example.
Then you can use security filtering on the GPO to deny read & apply group policy to that group.  
The GPO will then not apply to that group
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24307352.html?cid=236#a24101553
In that example I showed security filtering for an individual user but the same concept applies for the group
Thanks
Mike
 
0
 

Author Comment

by:itconsultant1
ID: 24110520
Thank you for the fast answer! It worked :)
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now