Solved

Stop group policy applying on a per computer basis

Posted on 2011-09-21
5
341 Views
Last Modified: 2012-05-12
Hi we have a few computers here at a branch office connected to the domain controller via VPN, we want to block all GPO inheritance to these machines except a specific gpo tailored for these, what is the easiest way to accomplish this?

I have created a seperate OU for the computers and applied a GPO here and blocked inheritance but it does not seem to be having the desired effect.
0
Comment
Question by:Bertling
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36573047
Try with separate domain group for those computers and use Group Policy Filtering. More about that at
http://technet.microsoft.com/en-us/library/cc779291%28WS.10%29.aspx

How to implement that
http://www.windowsnetworking.com/articles_tutorials/group-policy-security-filtering.html

and Mike has very good post on his blog at
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html

Regards,
Krzysztof
0
 
LVL 11

Author Comment

by:Bertling
ID: 36573068
filtering will not work in our case.

We would like to use a method that will even stop user GPO to be applied if anyone logs onto these PCs in the branch office? is it possible to use loopback to so that they can login without folder redirection?
0
 
LVL 11

Accepted Solution

by:
Bertling earned 0 total points
ID: 36573188
we solved it. we made a loopback policy on the OU of the 3 PCs only. we then set it in replace mode.

We then set folder redirection to local profile for each item.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36573203
Great! Congratulations.

Krzysztof
0
 
LVL 11

Author Closing Comment

by:Bertling
ID: 37061256
This worked as advised
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question