
How do I prevent domain admins from acquiring enforced group policy settings on an entire domain?

Last Modified: 2012-05-07
I have an active directory domain that has a Standard Domain Policy which is set to "enforced".
Recently, changes were made to the USER configuration of the policy (Do not permit changing proxy settings) and this seemed to work well; however, domain admins have advised that the policy has also applied to them.
Two things I should point out:
-It's not really necessary for domain admins to have the "Standard Domain Options" apply to them at all.
-The domain policy needs to remain "enforced".
I have toyed with security filtering and cannot seem to get around this.
Any thoughts?
Thanks!
Lab_Tech

Apply domain policy to domain users, not everyone
CERTIFIED EXPERT
Author of the Year 2010
Top Expert 2010

Commented:
You could create an OU in Active Directory and block inheritance on this OU but link the Domain Policy to the new OU so that it remains enforced.
CERTIFIED EXPERT
Top Expert 2013
Commented:

Author

Commented:
Many thanks; this is exactly what I needed. The reason it did not work for me when I first played around with the security filtering is that I had set read as deny without setting Apply group policy. Duh so simple!!!! Many thanks!!
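
Added example, not part of the original thread: the follow-up above mentions denying "Apply group policy" through security filtering, and this PowerShell adds that Deny entry for Domain Admins on the GPO object, leaving Read untouched and the link enforced. It assumes the ActiveDirectory and GroupPolicy modules are available and that the GPO's display name is 'Standard Domain Policy' as quoted in the question; the variable names are illustrative.

```powershell
# Added example: deny the "Apply group policy" right to Domain Admins on one GPO.
# Assumptions: RSAT ActiveDirectory + GroupPolicy modules; GPO name from the question.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$gpoName   = 'Standard Domain Policy'   # assumed display name
$groupName = 'Domain Admins'

# Schema GUID of the Apply-Group-Policy extended right
$applyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

$gpo      = Get-GPO -Name $gpoName -ErrorAction Stop
$gpoPath  = "AD:\$($gpo.Path)"          # the GPO container under CN=Policies,CN=System
$groupSid = (Get-ADGroup -Identity $groupName).SID

$acl = Get-Acl -Path $gpoPath

# Look for an existing explicit Deny ACE so the script can be re-run safely
$sidType  = [System.Security.Principal.SecurityIdentifier]
$existing = $acl.GetAccessRules($true, $false, $sidType) | Where-Object {
    $_.IdentityReference -eq $groupSid -and
    $_.ObjectType -eq $applyGpoRight -and
    $_.AccessControlType -eq 'Deny'
}

if (-not $existing) {
    # Deny only the extended right; Read stays allowed so admins can still
    # open and edit the GPO in GPMC.
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $groupSid,
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Deny,
        $applyGpoRight)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $gpoPath -AclObject $acl
}

# Show the Deny entries now present on the GPO for review
(Get-Acl -Path $gpoPath).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType
```

After the change, running `gpresult /r` as a Domain Admins member on a test machine should list the GPO under the policies that were not applied (filtered out).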