Solved

How to prevent a group policy from applying to Terminal Server

Posted on 2014-09-15
4
108 Views
Last Modified: 2015-06-27
i need to prevent 1 group policy from applying to server. I have attached a picture of how my group policy's and OU's looks.

in this picture, i need the Terminal Server OU to not apply the group policy called Printers.
However, i need Terminal Server OU to still apply Baseline - Servers GPO and Default Domain Policy GPO

Now the trick here, is that im setting up group policy printers from the User Configuration. So im having an issue blocking those GPO's from applying on the Terminal Server.

How should i do this?
Capture.PNG
0
Comment
Question by:GTechForce
4 Comments
 
LVL 25

Expert Comment

by:Sekar Chinnakannu
ID: 40324517
Create two separate OU's and link the policies based on your requirement. In your scenario create Terminal Server OU and  link Baseline - Servers GPO and Default Domain Policy GPO etc... If need you can block the inheritance too.
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40329526
Are these User's or Computer settings?
That was not stated in the question. What setting/settings are you looking to not apply?
This will determine how to address the request.

1: If this is computer based setting and it needs to apply to other servers or computers you can link the GPO to the OU that has the clients computer and server, while your TS servers must reside in an OU at the same level as the Computers and Servers. Your TS OU needs to be moved up one level.
Link the GPO to Computers and Servers, but not to the TS OU.
If you are dealing with a single TS or even a few you can us WMI filter if your servers have a similar naming pattern.  FirmTS01 and FirmTS02  you can create a WMI filter that looks like this.

Select * from Win32_ComputerSystem where name not like 'FirmTS%'  

Open in new window


Another is to deny apply GPO :  

Click on the GPO and select the Delegates Tab > Click Advance Button in the lower right corner.
Then Add the computer object and deny Apply GPO
This setting can be applied to Computer, Users or Groups.
123456
Now if you are dealing with a user setting you will need to leverage loop.
Figure how to reverse the setting/settings that apply to computers and server.

Group Policy Preferences (GPP)
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
This article explains how to leverage GPP and Item Level Targeting.
You can modify the filter by changing Security Group and select ComputerName and apply Name Not Like FirmTS*

Thanks
Mike
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40854380
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
An article on effective troubleshooting
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question