Solved

Setting group policy to just one computer

Posted on 2010-09-01
10
357 Views
Last Modified: 2012-05-10
Is it possilbe to assign a group policy to just one computer within an OU with several other PCs in there?

This one PC needs to have the windows firewall DISABLED as it is blocking services required for an application even with all the correct exceptions in place.

0
Comment
Question by:MSSC_support
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 32

Expert Comment

by:PowerEdgeTech
Comment Utility
You could move the computer to a new OU, then, based on the existing GPO, you could create a new GPO, then change it.
0
 
LVL 10

Accepted Solution

by:
scriven_j earned 400 total points
Comment Utility
No, but you can achieve this by creating a sub-OU within the OU that the computers are in and then apply a specific Group Policy for the firewall changes.
This will mean that the computer gets all the policies on the parent OU, but the firewall policy will override anything higher up.
 
0
 
LVL 10

Expert Comment

by:scriven_j
Comment Utility
Of course, what PowerEdgeTech has said is also true, but if you do it my way, then subsequent group policy changes will not need to be duplicated over 2 OU's.
0
 
LVL 5

Assisted Solution

by:MrN1c3
MrN1c3 earned 100 total points
Comment Utility
You can assign a GPO to just one machine.

Link the GPO to the relevant OU as normal.  On the "scope" tab, amend the "security filtering".  Remove any entries from sec filtering, then simply add the hostname of the PC.
0
 
LVL 2

Expert Comment

by:esafdia
Comment Utility
MrN1C3 is Correct, It's not best practices but that method does work.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 10

Expert Comment

by:scriven_j
Comment Utility
So does mine!  What is best practise then?
0
 
LVL 2

Expert Comment

by:esafdia
Comment Utility
Best practise is to put it in a seperate OU.
0
 
LVL 5

Expert Comment

by:MrN1c3
Comment Utility
MSSC - My post above answers your question, you can actualy assign a GPO to a single computer.

scriven_j has posted what I would consider best practice, and exactly how you should approach this.
0
 
LVL 2

Expert Comment

by:esafdia
Comment Utility
Agreed on both counts.
0
 

Author Closing Comment

by:MSSC_support
Comment Utility
I think adding it to a sub OU would be better than assigning it to the individual as if i need to add any more computers to the rule I will just place it in the OU.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now