GPO Exception on servers

I've configured a printer GPO for our user's container in Active Directory.  I'm using group filtering on the GPO so that I can apply it to the entire user's container, but only those in the group receive the policy.  A select number of these users do have management responsibilities on some servers.  is there a way to filter out the user based policy so that it does not run on the Servers.  The servers and users are in separate OU's and must remain that way.  Would a WMI filter work for this?  If so, what might it look like?
patriotsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Joseph DalyConnect With a Mentor Commented:
I think a WMI filter will work for what you are trying to do. . WMI filters will only appply the GPO if they evaulate to true. I would suggest creating a filter to test for the operating system caption. Basically what you will want to is use something like below. This will test for XP and windows 7 operating system.

SELECT Version FROM Win32_OperatingSystem WHERE Caption LIKE "Microsoft Windows XP%" OR Caption LIKE "Microsoft Windows 7%"

You can add as many other OS's in that box as you want. This way if the WMI query runs on a server it  will evaluate to false and the GPO will not run.
0
 
Mike KlineCommented:
What I'd do is create those users a second account.  That would be their management account with their elevated rights.  Then put them in an OU that doesn't get the policy.   It is generally best practice for users that have admin/elevated rights to have two accounts.   Log in day to day with the "normal" account and only use the elevated account when they need it to run their tasks.
 
Thanks
 
Mike
0
 
Joseph DalyCommented:
Also a great tool for testing your WMI filters once you created them is WMIFtest from gpoguy.com

http://www.gpoguy.com/FreeTools/FreeToolsLibrary/tabid/67/agentType/View/PropertyID/93/Default.aspx 

This will let you pick any of your WMI filters and test them against any computer/server in your organization. If it evaluates to TRUE the GPO will be applied FALSE it will be skipped.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.