gpo filters

Posted on 2012-08-30
Last Modified: 2012-09-04
can anyone tell me how to edit/remove GPO filtering on a windows 2003 server that is part of an a/d? Step by step please.
Question by:lcipollone
    LVL 21

    Expert Comment

    Do you know what is being filtered or is this  unknown info?

    There are multiple ways to address this:
    1: Scope
    2: WMI Filtering
    3: Advance security rights to the GPO

    I will post some screenshots of all three of these
    LVL 12

    Expert Comment

    LVL 21

    Assisted Solution

    Here are the screenshots
    SCOPE Filtering.
    You add groups that can read this GPO. By default Authenticated Users have rights to read the objects.  If you are looking to just have a certain group read the object this would be where I would start.

    Next is WMI Filtering.
    This is a pretty nice way to target certain Computers via the NETBIOS name. For example all your Laptops name start with LT and all your Desktop start with DT. You can target LT% and the Computer GPO setting will only apply to computers that start with LT% and ignore all other computer names.

    Another way is Delegation. You can add and remove Users and Groups from this area to control who ask rights to read only, Read/Write and other options.  There also is the Advance function that is just like NTFS ACL.  You can Deny or Allow more granular control.

    DelegationDelegation AdvancedAdvance Settings
    LVL 57

    Accepted Solution

    It really depends how the box is being filtered.  Is it part of a group and that group is being used for filtering.  If that is the case then you would remove the object from the group.  

    If the box is in the ACL then you would remove the object from the ACL.

    Some screenshots of security filtering


    LVL 21

    Expert Comment

    Why only a B rating?  :(

    Author Comment

    sorry my mistake i hit the wrong button> how can i change it?
    LVL 21

    Expert Comment

    No biggie.  I was just curious the reason why.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Suggested Solutions

    This is my first article in EE and english is not my mother tongue so any comments you have or any corrections you would like to make, please feel free to speak up :) For those of you working with AD, you already are very familiar with the classi…
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now