Eric
asked on
easy way to apply group policy to windows clients only. no servers
Any simple wmi filters etc i can use to do this.
i want my autoupdate policy to only effect xp/vista/7 and not server 2003/2008.
I was using a wmi filter
taht says
Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"
but my results say false wmi filter for win7. XP even says that, but i think it works for xp??? not sure. i guess. I dont know anything about wmi.
i want my autoupdate policy to only effect xp/vista/7 and not server 2003/2008.
I was using a wmi filter
taht says
Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"
but my results say false wmi filter for win7. XP even says that, but i think it works for xp??? not sure. i guess. I dont know anything about wmi.
What you should do is create a seperate OU for servers etc and a seperate OU for client machines etc and then just put those machines in their respective OU's and then apply a different policy for each OU or you can just block the policy to the servers etc.
otherwise if you prefer to do WMI filters check this for an easier way to write them:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=09dfc342-648b-4119-b7eb-783b0f7d1178&DisplayLang=en
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=09dfc342-648b-4119-b7eb-783b0f7d1178&DisplayLang=en
ASKER
i used to block the server names as i use computer policy.
now i have to many and its high maintenance.
i could do the OU i guess. I mostly have that in place anyway. I have no override on my policy, so i would have to remove that and block inheritance?
I leave windows pc's in the default container.
I get confused sometimes when to use a computer policy vs user. Does it really matter in this case? Figured computer would allow me to apply it to just the computers ou and not the root where I have it now. Then i would nto need to block inheritance if I move servers.
now i have to many and its high maintenance.
i could do the OU i guess. I mostly have that in place anyway. I have no override on my policy, so i would have to remove that and block inheritance?
I leave windows pc's in the default container.
I get confused sometimes when to use a computer policy vs user. Does it really matter in this case? Figured computer would allow me to apply it to just the computers ou and not the root where I have it now. Then i would nto need to block inheritance if I move servers.
ASKER
so is wmi more trouble than its worth? ie. finicky?
No its not really more trouble than its worth, i guess it just depends really on how big your network is and what you are using it for. Like if you only have a couple hundred machines that are only xp and servers it might not be worth using WMI but if you have say a couple thousand machines and a ton of different flavors of windows running then it might be worth using depending on how complex OU structure is.
ASKER
default "computers" ou is not listed in the group policy mmc.
never noticed that. wtf
never noticed that. wtf
As for the no override yeah you would want to remove that and block inheritance. As far as when to use computer policy vs user it depends on what you are trying to apply and to what you are trying to apply it to. For instance if you want to apply a gp to specific users you would want to create a user policy etc. As far as where to apply it, the basic way is just user policies are applied to users and computer policies are applied to computers. That being said there is other more advanced options as well but usually thats only in special circumstances that most companies don't use. I.E. A special computer that you want difference policy applied for a user that normally gets another policy etc.
yeah thats cause computers is not an OU its a container. There is a way that you can setup a specific OU to be the default OU for computers if you want to apply specific policies to it. For instance i created a OU called Default Computers and made it my default ou for new computers.
ASKER
yea i played with loopback for my citrix farm. that works good after lots of playing around.
the concept of looping back user policies to machines or something is somewhat simple i guess... although its really the reason im always confused about when to use user policy vs computer. Im probably over complicating it because im scared from doing the citrix polices.
ha
the concept of looping back user policies to machines or something is somewhat simple i guess... although its really the reason im always confused about when to use user policy vs computer. Im probably over complicating it because im scared from doing the citrix polices.
ha
ASKER
thats what I want.
ok made ou. searching how to make it my new default place for new systems.
then i just need to move servers out.
if i forget ill remember when they reboot automatically from wu :o
ok made ou. searching how to make it my new default place for new systems.
then i just need to move servers out.
if i forget ill remember when they reboot automatically from wu :o
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
found dame thing.
realized my forest was still 2000 :|
fixed that mess. I had a 2000 DC in a child domain when i updated teh root domain so i left it as 2000 forest. Glad i found that.
done and done.
now just need to add a new pc to confirm its working.
realized my forest was still 2000 :|
fixed that mess. I had a 2000 DC in a child domain when i updated teh root domain so i left it as 2000 forest. Glad i found that.
done and done.
now just need to add a new pc to confirm its working.
ASKER
my win7 heap got the policy :D
im sure it will work. thanks for the advice.
im sure it will work. thanks for the advice.