Solved

GPO Exception on servers

Posted on 2010-09-08
3
525 Views
Last Modified: 2012-05-10
I've configured a printer GPO for our user's container in Active Directory.  I'm using group filtering on the GPO so that I can apply it to the entire user's container, but only those in the group receive the policy.  A select number of these users do have management responsibilities on some servers.  is there a way to filter out the user based policy so that it does not run on the Servers.  The servers and users are in separate OU's and must remain that way.  Would a WMI filter work for this?  If so, what might it look like?
0
Comment
Question by:patriots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33627411
What I'd do is create those users a second account.  That would be their management account with their elevated rights.  Then put them in an OU that doesn't get the policy.   It is generally best practice for users that have admin/elevated rights to have two accounts.   Log in day to day with the "normal" account and only use the elevated account when they need it to run their tasks.
 
Thanks
 
Mike
0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 500 total points
ID: 33627493
I think a WMI filter will work for what you are trying to do. . WMI filters will only appply the GPO if they evaulate to true. I would suggest creating a filter to test for the operating system caption. Basically what you will want to is use something like below. This will test for XP and windows 7 operating system.

SELECT Version FROM Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows XP%" OR Caption LIKE "Microsoft Windows 7%"

You can add as many other OS's in that box as you want. This way if the WMI query runs on a server it  will evaluate to false and the GPO will not run.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 33627509
Also a great tool for testing your WMI filters once you created them is WMIFtest from gpoguy.com

http://www.gpoguy.com/FreeTools/FreeToolsLibrary/tabid/67/agentType/View/PropertyID/93/Default.aspx 

This will let you pick any of your WMI filters and test them against any computer/server in your organization. If it evaluates to TRUE the GPO will be applied FALSE it will be skipped.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question