Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to exclude AD object computer from GPO, DC Windows 2003 server standard edit

Posted on 2009-04-09
3
Medium Priority
?
797 Views
Last Modified: 2012-05-06
I want to exlude AD object computer from a new created GPO. I have created OU "Policy Exceptions" and moved selected computer there, but I do know how to exclude that OU from the policy. I know that I can do it using WMI filter, not sure about the syntax.
0
Comment
Question by:itconsultant1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 800 total points
ID: 24109950

A Group Policy will apply to the container ('parent' container) where it is joined, and all the child containers of that container. For example, if you link a GPO to the root of the domain, it will apply to all appropriate objects in the domain.

To exempt a particular OU from one particular policy, you will need to shuffle your OU structure and link the GPO to an OU lower down the structure, where it will not be inherited by the Policy Exceptions OU.

If you simply want the Policy Exceptions OU to be exempt from all GPOs defined in the parent containers, open Group Policy Management and block inheritance on that OU. This will mean only policies linked explicitly to the Policy Exceptions OU will be applied to objects within that OU.

-Matt
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1200 total points
ID: 24110001
What you could also do is make all those computers a member of a group.  Call it "Deny Policy" for example.
Then you can use security filtering on the GPO to deny read & apply group policy to that group.  
The GPO will then not apply to that group
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24307352.html?cid=236#a24101553
In that example I showed security filtering for an individual user but the same concept applies for the group
Thanks
Mike
 
0
 

Author Comment

by:itconsultant1
ID: 24110520
Thank you for the fast answer! It worked :)
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question