Link to home
Start Free TrialLog in
Avatar of art_r
art_r

asked on

SBS08 Group Policy changes for remote PCs

Hi All,
We have a remote location with several PC's that are part of our SBS08 network. The remote location has a RODC Windows 08 server.
Prefer not to modifythe existing inbuilt SBS policies too much but would like to exclude these users/pc's from some of the policies and/or point them at variations which include a local to them WSUS server.

So is this possible to exclude users/pc from existing GP, and then include them only to some new GPs?
Avatar of Brad Bouchard
Brad Bouchard

Most everything is possible through Group Policy and is easiest if you use your OU structure to your advantage and only have certain users/computers in OUs that you want these GPOs applied to.  

That being said, you can also exclude certain individuals and computers from these policies without restructuring your entire OU/AD.  

Have you thought of/tried removing individuals from the applied to section of the GPO(s) in question?
Avatar of Nagendra Pratap Singh
Add these remote PCs to a group. Deny them the read GPO via security settings.
Avatar of art_r

ASKER

xBouchardx - I think the main SBS GPO's are just applied to Authenticated users so all users. So i'm guessing if changed that it would mean i would then need to add any new users individually in the future which I would prefer not to do.
ASKER CERTIFIED SOLUTION
Avatar of Brad Bouchard
Brad Bouchard

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of art_r

ASKER

npsingh123 - ok, just having a look at it this way.

So if I make a copy of the default domain policy, rename it Remote Policy
I already have my group of PC's defined, Remote_PCs

Then on my existing policy, go delegation, advanced, add Remote_PCs with deny on read.

Then on new Remote Policy, i would remove Authenticated Users and add Remote_PCs?

Am I sort of on right track there..?
Correct...