Overriding spefic group policy item

Posted on 2011-10-10
Last Modified: 2012-05-12
Our primary domain group policy adds a certain groups to the local Administrators group on workstations. I would like to have the IT Dev staff computers add one extra group to the local admin group.
So I created a new GPO and added all the existing groups that need to be applied plus the new one. The problem is that the primary domain policy takes precedence and as a result my one specific change is not applied. I just want this one change to append to the primary GPO.

Is this possible or do I need to create a GPO specific for Dev team and deny the primary GPO from being applied to them? I would love to avoid that if possible.
Question by:nataq
    LVL 5

    Expert Comment

    In you're primary domain group you add all of the groups you're talking about besides the IT_DEV-localadmin group. So, in the old situation, the IT_DEV group allready received all other groups right?

    So, create a policy with one purpose and that is adding the IT-DEV group to the local admins. Connect this to the IT-DEV OU and it should work... No need to Re-add all the other groups if you ask me.

    Author Comment

    Yes the Primary domain GPO applies all the seeting they need, and since they are in IT they do not apply to any of the other GPO's

    I tried just creatin a new GPO that only applied to DEV team mebers. THe only thing the policy was to do was add the DEV team secuity group to the local admins group. but that didnt work.
    LVL 51

    Accepted Solution

    Create a new OU for the Dev staff.
    Move their computers into it.
    Link your GPO to that.

    Make sure that you're using Restricted Groups correctly and working with the "this group is a member of" section or it will replace and enforce from the original GPO.


    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now