• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 801
  • Last Modified:

How to exclude AD object computer from GPO, DC Windows 2003 server standard edit

I want to exlude AD object computer from a new created GPO. I have created OU "Policy Exceptions" and moved selected computer there, but I do know how to exclude that OU from the policy. I know that I can do it using WMI filter, not sure about the syntax.
0
itconsultant1
Asked:
itconsultant1
2 Solutions
 
tigermattCommented:

A Group Policy will apply to the container ('parent' container) where it is joined, and all the child containers of that container. For example, if you link a GPO to the root of the domain, it will apply to all appropriate objects in the domain.

To exempt a particular OU from one particular policy, you will need to shuffle your OU structure and link the GPO to an OU lower down the structure, where it will not be inherited by the Policy Exceptions OU.

If you simply want the Policy Exceptions OU to be exempt from all GPOs defined in the parent containers, open Group Policy Management and block inheritance on that OU. This will mean only policies linked explicitly to the Policy Exceptions OU will be applied to objects within that OU.

-Matt
0
 
Mike KlineCommented:
What you could also do is make all those computers a member of a group.  Call it "Deny Policy" for example.
Then you can use security filtering on the GPO to deny read & apply group policy to that group.  
The GPO will then not apply to that group
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24307352.html?cid=236#a24101553
In that example I showed security filtering for an individual user but the same concept applies for the group
Thanks
Mike
 
0
 
itconsultant1Author Commented:
Thank you for the fast answer! It worked :)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now