Solved

Stop group policy applying on a per computer basis

Posted on 2011-09-21
5
342 Views
Last Modified: 2012-05-12
Hi we have a few computers here at a branch office connected to the domain controller via VPN, we want to block all GPO inheritance to these machines except a specific gpo tailored for these, what is the easiest way to accomplish this?

I have created a seperate OU for the computers and applied a GPO here and blocked inheritance but it does not seem to be having the desired effect.
0
Comment
Question by:Bertling
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36573047
Try with separate domain group for those computers and use Group Policy Filtering. More about that at
http://technet.microsoft.com/en-us/library/cc779291%28WS.10%29.aspx

How to implement that
http://www.windowsnetworking.com/articles_tutorials/group-policy-security-filtering.html

and Mike has very good post on his blog at
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html

Regards,
Krzysztof
0
 
LVL 11

Author Comment

by:Bertling
ID: 36573068
filtering will not work in our case.

We would like to use a method that will even stop user GPO to be applied if anyone logs onto these PCs in the branch office? is it possible to use loopback to so that they can login without folder redirection?
0
 
LVL 11

Accepted Solution

by:
Bertling earned 0 total points
ID: 36573188
we solved it. we made a loopback policy on the OU of the 3 PCs only. we then set it in replace mode.

We then set folder redirection to local profile for each item.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36573203
Great! Congratulations.

Krzysztof
0
 
LVL 11

Author Closing Comment

by:Bertling
ID: 37061256
This worked as advised
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question