Solved

How to prevent a group policy from applying to Terminal Server

Posted on 2014-09-15
4
87 Views
Last Modified: 2015-06-27
i need to prevent 1 group policy from applying to server. I have attached a picture of how my group policy's and OU's looks.

in this picture, i need the Terminal Server OU to not apply the group policy called Printers.
However, i need Terminal Server OU to still apply Baseline - Servers GPO and Default Domain Policy GPO

Now the trick here, is that im setting up group policy printers from the User Configuration. So im having an issue blocking those GPO's from applying on the Terminal Server.

How should i do this?
Capture.PNG
0
Comment
Question by:GTechForce
4 Comments
 
LVL 24

Expert Comment

by:Sekar Chinnakannu
ID: 40324517
Create two separate OU's and link the policies based on your requirement. In your scenario create Terminal Server OU and  link Baseline - Servers GPO and Default Domain Policy GPO etc... If need you can block the inheritance too.
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40329526
Are these User's or Computer settings?
That was not stated in the question. What setting/settings are you looking to not apply?
This will determine how to address the request.

1: If this is computer based setting and it needs to apply to other servers or computers you can link the GPO to the OU that has the clients computer and server, while your TS servers must reside in an OU at the same level as the Computers and Servers. Your TS OU needs to be moved up one level.
Link the GPO to Computers and Servers, but not to the TS OU.
If you are dealing with a single TS or even a few you can us WMI filter if your servers have a similar naming pattern.  FirmTS01 and FirmTS02  you can create a WMI filter that looks like this.

Select * from Win32_ComputerSystem where name not like 'FirmTS%'  

Open in new window


Another is to deny apply GPO :  

Click on the GPO and select the Delegates Tab > Click Advance Button in the lower right corner.
Then Add the computer object and deny Apply GPO
This setting can be applied to Computer, Users or Groups.
123456
Now if you are dealing with a user setting you will need to leverage loop.
Figure how to reverse the setting/settings that apply to computers and server.

Group Policy Preferences (GPP)
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
This article explains how to leverage GPP and Item Level Targeting.
You can modify the filter by changing Security Group and select ComputerName and apply Name Not Like FirmTS*

Thanks
Mike
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40854380
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now