SBS08 Group Policy changes for remote PCs

Posted on 2012-08-20
Last Modified: 2014-10-20
Hi All,
We have a remote location with several PC's that are part of our SBS08 network. The remote location has a RODC Windows 08 server.
Prefer not to modifythe existing inbuilt SBS policies too much but would like to exclude these users/pc's from some of the policies and/or point them at variations which include a local to them WSUS server.

So is this possible to exclude users/pc from existing GP, and then include them only to some new GPs?
Question by:art_r
    LVL 17

    Expert Comment

    by:Brad Bouchard
    Most everything is possible through Group Policy and is easiest if you use your OU structure to your advantage and only have certain users/computers in OUs that you want these GPOs applied to.  

    That being said, you can also exclude certain individuals and computers from these policies without restructuring your entire OU/AD.  

    Have you thought of/tried removing individuals from the applied to section of the GPO(s) in question?
    LVL 23

    Expert Comment

    by:Nagendra Pratap Singh
    Add these remote PCs to a group. Deny them the read GPO via security settings.

    Author Comment

    xBouchardx - I think the main SBS GPO's are just applied to Authenticated users so all users. So i'm guessing if changed that it would mean i would then need to add any new users individually in the future which I would prefer not to do.
    LVL 17

    Accepted Solution

    So make a group for the users you want to exclude and either deny them read access or apply a different GPO to this OU and Enforce it so it takes precedence over other GPOs.

    Author Comment

    npsingh123 - ok, just having a look at it this way.

    So if I make a copy of the default domain policy, rename it Remote Policy
    I already have my group of PC's defined, Remote_PCs

    Then on my existing policy, go delegation, advanced, add Remote_PCs with deny on read.

    Then on new Remote Policy, i would remove Authenticated Users and add Remote_PCs?

    Am I sort of on right track there..?
    LVL 17

    Expert Comment

    by:Brad Bouchard

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
    You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now