is it possible to create and new policy in GPMG and not affect a working policy

Posted on 2014-12-19
Last Modified: 2014-12-24
I have 300 clients still using Windows XP. (I know I know...) We are developing a Windows 8.1 Pro based client to replace this. I created new OU and subsequent policy on the same server that runs the existing clients. I soon discovered as I enabled, disabled and defined while in the newly edited file for Windows 8.1  that the Windows XPs were going offline. I did some quick reading and tried moving the OU to below the original OU, but more sites were complaining. I saved the policy and then deleted it from the GPMG. I had all sites reboot their systems and they were okay again. Due to the way our company works (read that big and slow) I assumed it would take some time to eventually transition from the XP to 8.1 and I wanted to offer them both a working solution over a period of time. Once the site has the new system running then the old one is shutdown. So what do I have to do to accomplish this?
Question by:hatcherb1234
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509517
If you've organized your sites and OUs properly, you can certainly work with GPOs without having any impact on live systems. You didn't give any information on topology or how you concluded what you were doing was the cause of outages though, so specifics are tough to give.

Author Comment

ID: 40509567
I have attached a snippet of the GPMG. the new policy originally went between the Workstation OU and below the workstation-policies. I then moved it to below all of the client OUs that linked to the workstation-policies and user-policies. As I type this I do remember that the new policy I was editing was linked. Maybe I should have turned that off first?
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509571
So much blackout and so little context. I still can't give any reasonable advice.
Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!


Author Comment

ID: 40509582
What do you need to see? I can't provide hostnames or domain info.
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509597
Not looking for that. But a mock_up or drawing of the relevant OU'smwith the XP machines, 8.1 machines, users, and a brief idea of what policies you are trying to set that apparently broke your existing network and where you linked them are all helpful. I can see *none* of that from your screenshot. Drawing something like that out even using something silly like clipart in MS word is a trivial ask for the help you want.

The answer to your question, generically, is that yes, it is possible, and done quite often, to create new GPOs that don't interfere with existing machines. OUs, security groups, or WMI filters can all help constraint the new GPO.

But if you want specifics on where you might've gone astray, you have to be willing to share specifics. We can't operate in a vacuum. If you really need detailed help, hire a consultant, have them sign a contract that includes an NDA. All the normal security precaution when entering a B2B relationship.
LVL 81

Accepted Solution

David Johnson, CD, MVP earned 500 total points
ID: 40509626
use a wmi filter for only windows 8.1 machines
select * from Win32_OperatingSystem WHERE Version like "6.3%"

Featured Post

Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question