?
Solved

How to apply a Group Policy to a single computer in an OU of computers?

Posted on 2013-11-14
3
Medium Priority
?
3,757 Views
Last Modified: 2013-11-17
Hey guys,

I have a Windows Server 2008 R2 domain and a GPO that has only User policy settings in it and I want to apply it to a single computer in an OU.

I have enabled lookback processing to merge this policy with other applicable policies otherwise the GPO won't apply to an OU of computers.

Where I am getting stuck is with the Security Filtering. I want this policy to apply to all users of a specified computer which I am specifying in the security filtering but I cant figure out how to filter it so that all users of the specified computer get the GPO applied.

If I add the computer to the Security Filtering and remove the Everyone security group, the GPO wont apply. ("gpresult" shows the object filtering as "Denied (Security) "

If I add the user account I am trying to test with the filtering works but it also works on every computer for that user, not just the computer specified in the Security Filtering.

I have done some reading on this problem. Aparrently for this sort of policy to work I need to specify a user or group in the Security Filtering.  Someone suggested adding the computer/s you want to restrict the GPO to into a new Security Group and adding that Security Group to Security Filtering along with the computer I am trying to restrict the GPO to. That didn't work either. The same "Denied (Security)" error.

Any idea where I am going wrong folks?
0
Comment
Question by:defecta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Accepted Solution

by:
loki0609 earned 2000 total points
ID: 39650463
I'm not sure if i'm understanding you correctly but what i get is you have a "special" computer that you want a certain GPO to be applied to and not to the other normal computers?

GPO is inheritable so i'd simply create a OU inside your main computer OU and throw the computer and the gpo in it. Then the computer will have all the GPO's that then normal computers get plus the GPO's that are in the special OU.

Computers
      |
       ------>Special
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39650483
You can create seperate OU in root or sub OU in computer OU for this computer and apply the loopback policy to this OU only, this should work.
0
 

Author Closing Comment

by:defecta
ID: 39650488
That totally works for me and does exactly what I need without compromise. I knew some fresh eyes would help. Thanks loki0609
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month8 days, 4 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question