Solved

How to exclude AD object computer from GPO, DC Windows 2003 server standard edit

Posted on 2009-04-09
3
782 Views
Last Modified: 2012-05-06
I want to exlude AD object computer from a new created GPO. I have created OU "Policy Exceptions" and moved selected computer there, but I do know how to exclude that OU from the policy. I know that I can do it using WMI filter, not sure about the syntax.
0
Comment
Question by:itconsultant1
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 200 total points
ID: 24109950

A Group Policy will apply to the container ('parent' container) where it is joined, and all the child containers of that container. For example, if you link a GPO to the root of the domain, it will apply to all appropriate objects in the domain.

To exempt a particular OU from one particular policy, you will need to shuffle your OU structure and link the GPO to an OU lower down the structure, where it will not be inherited by the Policy Exceptions OU.

If you simply want the Policy Exceptions OU to be exempt from all GPOs defined in the parent containers, open Group Policy Management and block inheritance on that OU. This will mean only policies linked explicitly to the Policy Exceptions OU will be applied to objects within that OU.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 300 total points
ID: 24110001
What you could also do is make all those computers a member of a group.  Call it "Deny Policy" for example.
Then you can use security filtering on the GPO to deny read & apply group policy to that group.  
The GPO will then not apply to that group
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24307352.html?cid=236#a24101553
In that example I showed security filtering for an individual user but the same concept applies for the group
Thanks
Mike
 
0
 

Author Comment

by:itconsultant1
ID: 24110520
Thank you for the fast answer! It worked :)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now