Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Group Policy

Posted on 2010-08-26
5
Medium Priority
?
863 Views
Last Modified: 2012-05-10
I have a group policy that disables "Enable native XMLHTTP support" for all the servers in one OU, I am adding a 2008 R2 Ent x64 server to that OU, but this server needs it enabled.

This server needs to be in this OU, any solution?
0
Comment
Question by:nourben
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 2

Assisted Solution

by:Juliancito
Juliancito earned 600 total points
ID: 33536382
Create Anather OU inside that OU, put the Server there, create a GPU for that OU with Enable native XMLHTTP support"
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 600 total points
ID: 33536547
you could modify the permissions on the GPO and put an explicit DENY for that server.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33536551
only if that the XML is the the only setting on the GPO ;)
0
 
LVL 12

Expert Comment

by:Rant32
ID: 33536602
Agreed, creating a sub-OU enables you to override the setting.

If you reallyreallyreally can't move the computer object to another OU, I would wonder what created that dependency. The only thing I can think of is that some automation/scripts is dependent on the LDAP path of the server. Nasty.

If you really must use this OU, you can also create a higher ranking GPO for that OU, and configure GPO security such that only the x64 server has the "Apply policy" permission. The higher ranking setting will win, but only for that server.
0
 
LVL 12

Accepted Solution

by:
Rant32 earned 800 total points
ID: 33536826
To recap:

1) Create and configure the policy that will override the setting. Don't link it yet.
2) Create a Global security group "Enable native XMLHTTP" or something. Add the server to that group.
3) Open the policy's properties
4) Disable the User portion of the policy with the checkbox (I assume it's a computer setting). Then hit tab Security.
5) Remove the Authenticated Users group from the list.
6) Add the security group you just created and grant the Apply Policy permission
7) Link the GPO to the OU
8) Make sure the overriding policy is listed first (Link Order 1)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question