art_r
SBS08 Group Policy changes for remote PCs
Hi All,
We have a remote location with several PCs that are part of our SBS08 network. The remote location has a RODC Windows 08 server.
Prefer not to modify the existing inbuilt SBS policies too much but would like to exclude these users/PCs from some of the policies and/or point them at variations which include a local to them WSUS server.
So is this possible to exclude users/pc from existing GP, and then include them only to some new GPs?
Add these remote PCs to a group. Deny them the read GPO via security settings.
ASKER
xBouchardx - I think the main SBS GPOs are just applied to Authenticated Users, so all users. So I'm guessing if I changed that it would mean I would then need to add any new users individually in the future, which I would prefer not to do.
ASKER
npsingh123 - ok, just having a look at it this way.
So if I make a copy of the default domain policy, rename it Remote Policy.
I already have my group of PCs defined, Remote_PCs.
Then on my existing policy, go delegation, advanced, add Remote_PCs with deny on read.
Then on new Remote Policy, I would remove Authenticated Users and add Remote_PCs?
Am I sort of on the right track there?
Correct...
That being said, you can also exclude certain individuals and computers from these policies without restructuring your entire OU/AD.
Have you thought of/tried removing individuals from the applied to section of the GPO(s) in question?
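
The steps discussed in this thread, scripted with an audit of the resulting security filtering. This is an added example, not code posted by anyone in the thread; it assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 or RSAT on a management PC) and reuses the names from the thread. `Get-GpoFilterReport` is a helper defined here for illustration.

```powershell
Import-Module GroupPolicy

$SourceGpo   = 'Default Domain Policy'   # existing policy named in the thread
$RemoteGpo   = 'Remote Policy'           # copy named in the thread
$RemoteGroup = 'Remote_PCs'              # computer group named in the thread

# 1. Copy the existing GPO once. The copy carries the settings only;
#    it is not linked anywhere until you link it yourself.
if (-not (Get-GPO -Name $RemoteGpo -ErrorAction SilentlyContinue)) {
    Copy-GPO -SourceName $SourceGpo -TargetName $RemoteGpo | Out-Null
}

# 2. Security-filter the copy: Remote_PCs gets Read + Apply,
#    Authenticated Users is removed from the copy only.
Set-GPPermission -Name $RemoteGpo -TargetName $RemoteGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $RemoteGpo -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null

# 3. Set-GPPermission has no deny level, so the deny entry on the
#    existing GPO is added in GPMC (Delegation > Advanced) as described
#    in the thread. This helper (hypothetical name) lists every trustee
#    on a GPO so the result can be checked.
function Get-GpoFilterReport {
    param([Parameter(Mandatory)][string]$Name)
    Get-GPPermission -Name $Name -All |
        Select-Object @{n='Gpo';e={$Name}},
                      @{n='Trustee';e={$_.Trustee.Name}},
                      Permission, Denied
}

$report = $SourceGpo, $RemoteGpo | ForEach-Object { Get-GpoFilterReport -Name $_ }
$report | Format-Table -AutoSize

# 4. Flag the case where the deny entry was never added: Remote_PCs would
#    then still receive the original GPO through Authenticated Users.
$deny = $report | Where-Object {
    $_.Gpo -eq $SourceGpo -and $_.Trustee -eq $RemoteGroup -and $_.Denied
}
if (-not $deny) {
    Write-Warning "$RemoteGroup has no deny entry on '$SourceGpo'; both policies will apply to those PCs."
}
```

Because the original GPO stays filtered on Authenticated Users, new users and PCs keep receiving it without being added individually; only members of Remote_PCs are excluded.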