nataq
asked on
Overriding spefic group policy item
Our primary domain group policy adds a certain groups to the local Administrators group on workstations. I would like to have the IT Dev staff computers add one extra group to the local admin group.
So I created a new GPO and added all the existing groups that need to be applied plus the new one. The problem is that the primary domain policy takes precedence and as a result my one specific change is not applied. I just want this one change to append to the primary GPO.
Is this possible or do I need to create a GPO specific for Dev team and deny the primary GPO from being applied to them? I would love to avoid that if possible.
So I created a new GPO and added all the existing groups that need to be applied plus the new one. The problem is that the primary domain policy takes precedence and as a result my one specific change is not applied. I just want this one change to append to the primary GPO.
Is this possible or do I need to create a GPO specific for Dev team and deny the primary GPO from being applied to them? I would love to avoid that if possible.
ASKER
Yes the Primary domain GPO applies all the seeting they need, and since they are in IT they do not apply to any of the other GPO's
I tried just creatin a new GPO that only applied to DEV team mebers. THe only thing the policy was to do was add the DEV team secuity group to the local admins group. but that didnt work.
I tried just creatin a new GPO that only applied to DEV team mebers. THe only thing the policy was to do was add the DEV team secuity group to the local admins group. but that didnt work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
So, create a policy with one purpose and that is adding the IT-DEV group to the local admins. Connect this to the IT-DEV OU and it should work... No need to Re-add all the other groups if you ask me.