How to prevent a group policy from applying to Terminal Server

i need to prevent 1 group policy from applying to server. I have attached a picture of how my group policy's and OU's looks.

in this picture, i need the Terminal Server OU to not apply the group policy called Printers.
However, i need Terminal Server OU to still apply Baseline - Servers GPO and Default Domain Policy GPO

Now the trick here, is that im setting up group policy printers from the User Configuration. So im having an issue blocking those GPO's from applying on the Terminal Server.

How should i do this?
Capture.PNG
Brad NelsonOwnerAsked:
Who is Participating?
 
yo_beeDirector of Information TechnologyCommented:
Are these User's or Computer settings?
That was not stated in the question. What setting/settings are you looking to not apply?
This will determine how to address the request.

1: If this is computer based setting and it needs to apply to other servers or computers you can link the GPO to the OU that has the clients computer and server, while your TS servers must reside in an OU at the same level as the Computers and Servers. Your TS OU needs to be moved up one level.
Link the GPO to Computers and Servers, but not to the TS OU.
If you are dealing with a single TS or even a few you can us WMI filter if your servers have a similar naming pattern.  FirmTS01 and FirmTS02  you can create a WMI filter that looks like this.

Select * from Win32_ComputerSystem where name not like 'FirmTS%'  

Open in new window


Another is to deny apply GPO :  

Click on the GPO and select the Delegates Tab > Click Advance Button in the lower right corner.
Then Add the computer object and deny Apply GPO
This setting can be applied to Computer, Users or Groups.
123456
Now if you are dealing with a user setting you will need to leverage loop.
Figure how to reverse the setting/settings that apply to computers and server.

Group Policy Preferences (GPP)
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
This article explains how to leverage GPP and Item Level Targeting.
You can modify the filter by changing Security Group and select ComputerName and apply Name Not Like FirmTS*

Thanks
Mike
0
 
Sekar ChinnakannuStaff EngineerCommented:
Create two separate OU's and link the policies based on your requirement. In your scenario create Terminal Server OU and  link Baseline - Servers GPO and Default Domain Policy GPO etc... If need you can block the inheritance too.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.