Solved

How to prevent a group policy from applying to Terminal Server

Posted on 2014-09-15
4
94 Views
Last Modified: 2015-06-27
i need to prevent 1 group policy from applying to server. I have attached a picture of how my group policy's and OU's looks.

in this picture, i need the Terminal Server OU to not apply the group policy called Printers.
However, i need Terminal Server OU to still apply Baseline - Servers GPO and Default Domain Policy GPO

Now the trick here, is that im setting up group policy printers from the User Configuration. So im having an issue blocking those GPO's from applying on the Terminal Server.

How should i do this?
Capture.PNG
0
Comment
Question by:GTechForce
4 Comments
 
LVL 25

Expert Comment

by:Sekar Chinnakannu
ID: 40324517
Create two separate OU's and link the policies based on your requirement. In your scenario create Terminal Server OU and  link Baseline - Servers GPO and Default Domain Policy GPO etc... If need you can block the inheritance too.
0
 
LVL 22

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40329526
Are these User's or Computer settings?
That was not stated in the question. What setting/settings are you looking to not apply?
This will determine how to address the request.

1: If this is computer based setting and it needs to apply to other servers or computers you can link the GPO to the OU that has the clients computer and server, while your TS servers must reside in an OU at the same level as the Computers and Servers. Your TS OU needs to be moved up one level.
Link the GPO to Computers and Servers, but not to the TS OU.
If you are dealing with a single TS or even a few you can us WMI filter if your servers have a similar naming pattern.  FirmTS01 and FirmTS02  you can create a WMI filter that looks like this.

Select * from Win32_ComputerSystem where name not like 'FirmTS%'  

Open in new window


Another is to deny apply GPO :  

Click on the GPO and select the Delegates Tab > Click Advance Button in the lower right corner.
Then Add the computer object and deny Apply GPO
This setting can be applied to Computer, Users or Groups.
123456
Now if you are dealing with a user setting you will need to leverage loop.
Figure how to reverse the setting/settings that apply to computers and server.

Group Policy Preferences (GPP)
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
This article explains how to leverage GPP and Item Level Targeting.
You can modify the filter by changing Security Group and select ComputerName and apply Name Not Like FirmTS*

Thanks
Mike
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40854380
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question