How to apply a Group Policy to a single computer in an OU of computers?
Hey guys,
I have a Windows Server 2008 R2 domain and a GPO that has only User policy settings in it and I want to apply it to a single computer in an OU.
I have enabled lookback processing to merge this policy with other applicable policies otherwise the GPO won't apply to an OU of computers.
Where I am getting stuck is with the Security Filtering. I want this policy to apply to all users of a specified computer which I am specifying in the security filtering but I cant figure out how to filter it so that all users of the specified computer get the GPO applied.
If I add the computer to the Security Filtering and remove the Everyone security group, the GPO wont apply. ("gpresult" shows the object filtering as "Denied (Security) "
If I add the user account I am trying to test with the filtering works but it also works on every computer for that user, not just the computer specified in the Security Filtering.
I have done some reading on this problem. Aparrently for this sort of policy to work I need to specify a user or group in the Security Filtering. Someone suggested adding the computer/s you want to restrict the GPO to into a new Security Group and adding that Security Group to Security Filtering along with the computer I am trying to restrict the GPO to. That didn't work either. The same "Denied (Security)" error.
Any idea where I am going wrong folks?
I have a Windows Server 2008 R2 domain and a GPO that has only User policy settings in it and I want to apply it to a single computer in an OU.
I have enabled lookback processing to merge this policy with other applicable policies otherwise the GPO won't apply to an OU of computers.
Where I am getting stuck is with the Security Filtering. I want this policy to apply to all users of a specified computer which I am specifying in the security filtering but I cant figure out how to filter it so that all users of the specified computer get the GPO applied.
If I add the computer to the Security Filtering and remove the Everyone security group, the GPO wont apply. ("gpresult" shows the object filtering as "Denied (Security) "
If I add the user account I am trying to test with the filtering works but it also works on every computer for that user, not just the computer specified in the Security Filtering.
I have done some reading on this problem. Aparrently for this sort of policy to work I need to specify a user or group in the Security Filtering. Someone suggested adding the computer/s you want to restrict the GPO to into a new Security Group and adding that Security Group to Security Filtering along with the computer I am trying to restrict the GPO to. That didn't work either. The same "Denied (Security)" error.
Any idea where I am going wrong folks?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sandesh Dubey
You can create seperate OU in root or sub OU in computer OU for this computer and apply the loopback policy to this OU only, this should work.
ASKER
That totally works for me and does exactly what I need without compromise. I knew some fresh eyes would help. Thanks loki0609