is it possible to create and new policy in GPMG and not affect a working policy

Posted on 2014-12-19
Last Modified: 2014-12-24
I have 300 clients still using Windows XP. (I know I know...) We are developing a Windows 8.1 Pro based client to replace this. I created new OU and subsequent policy on the same server that runs the existing clients. I soon discovered as I enabled, disabled and defined while in the newly edited file for Windows 8.1  that the Windows XPs were going offline. I did some quick reading and tried moving the OU to below the original OU, but more sites were complaining. I saved the policy and then deleted it from the GPMG. I had all sites reboot their systems and they were okay again. Due to the way our company works (read that big and slow) I assumed it would take some time to eventually transition from the XP to 8.1 and I wanted to offer them both a working solution over a period of time. Once the site has the new system running then the old one is shutdown. So what do I have to do to accomplish this?
Question by:hatcherb1234
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509517
If you've organized your sites and OUs properly, you can certainly work with GPOs without having any impact on live systems. You didn't give any information on topology or how you concluded what you were doing was the cause of outages though, so specifics are tough to give.

Author Comment

ID: 40509567
I have attached a snippet of the GPMG. the new policy originally went between the Workstation OU and below the workstation-policies. I then moved it to below all of the client OUs that linked to the workstation-policies and user-policies. As I type this I do remember that the new policy I was editing was linked. Maybe I should have turned that off first?
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509571
So much blackout and so little context. I still can't give any reasonable advice.
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 40509582
What do you need to see? I can't provide hostnames or domain info.
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509597
Not looking for that. But a mock_up or drawing of the relevant OU'smwith the XP machines, 8.1 machines, users, and a brief idea of what policies you are trying to set that apparently broke your existing network and where you linked them are all helpful. I can see *none* of that from your screenshot. Drawing something like that out even using something silly like clipart in MS word is a trivial ask for the help you want.

The answer to your question, generically, is that yes, it is possible, and done quite often, to create new GPOs that don't interfere with existing machines. OUs, security groups, or WMI filters can all help constraint the new GPO.

But if you want specifics on where you might've gone astray, you have to be willing to share specifics. We can't operate in a vacuum. If you really need detailed help, hire a consultant, have them sign a contract that includes an NDA. All the normal security precaution when entering a B2B relationship.
LVL 81

Accepted Solution

David Johnson, CD, MVP earned 500 total points
ID: 40509626
use a wmi filter for only windows 8.1 machines
select * from Win32_OperatingSystem WHERE Version like "6.3%"

Featured Post

Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question