Stop group policy applying on a per computer basis

Hi we have a few computers here at a branch office connected to the domain controller via VPN, we want to block all GPO inheritance to these machines except a specific gpo tailored for these, what is the easiest way to accomplish this?

I have created a seperate OU for the computers and applied a GPO here and blocked inheritance but it does not seem to be having the desired effect.
LVL 11
BertlingAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
BertlingConnect With a Mentor Author Commented:
we solved it. we made a loopback policy on the OU of the 3 PCs only. we then set it in replace mode.

We then set folder redirection to local profile for each item.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Try with separate domain group for those computers and use Group Policy Filtering. More about that at
http://technet.microsoft.com/en-us/library/cc779291%28WS.10%29.aspx

How to implement that
http://www.windowsnetworking.com/articles_tutorials/group-policy-security-filtering.html

and Mike has very good post on his blog at
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html

Regards,
Krzysztof
0
 
BertlingAuthor Commented:
filtering will not work in our case.

We would like to use a method that will even stop user GPO to be applied if anyone logs onto these PCs in the branch office? is it possible to use loopback to so that they can login without folder redirection?
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Great! Congratulations.

Krzysztof
0
 
BertlingAuthor Commented:
This worked as advised
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.