is it possible to create and new policy in GPMG and not affect a working policy

Posted on 2014-12-19
Last Modified: 2014-12-24
I have 300 clients still using Windows XP. (I know I know...) We are developing a Windows 8.1 Pro based client to replace this. I created new OU and subsequent policy on the same server that runs the existing clients. I soon discovered as I enabled, disabled and defined while in the newly edited file for Windows 8.1  that the Windows XPs were going offline. I did some quick reading and tried moving the OU to below the original OU, but more sites were complaining. I saved the policy and then deleted it from the GPMG. I had all sites reboot their systems and they were okay again. Due to the way our company works (read that big and slow) I assumed it would take some time to eventually transition from the XP to 8.1 and I wanted to offer them both a working solution over a period of time. Once the site has the new system running then the old one is shutdown. So what do I have to do to accomplish this?
Question by:hatcherb1234
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509517
If you've organized your sites and OUs properly, you can certainly work with GPOs without having any impact on live systems. You didn't give any information on topology or how you concluded what you were doing was the cause of outages though, so specifics are tough to give.

Author Comment

ID: 40509567
I have attached a snippet of the GPMG. the new policy originally went between the Workstation OU and below the workstation-policies. I then moved it to below all of the client OUs that linked to the workstation-policies and user-policies. As I type this I do remember that the new policy I was editing was linked. Maybe I should have turned that off first?
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509571
So much blackout and so little context. I still can't give any reasonable advice.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 40509582
What do you need to see? I can't provide hostnames or domain info.
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40509597
Not looking for that. But a mock_up or drawing of the relevant OU'smwith the XP machines, 8.1 machines, users, and a brief idea of what policies you are trying to set that apparently broke your existing network and where you linked them are all helpful. I can see *none* of that from your screenshot. Drawing something like that out even using something silly like clipart in MS word is a trivial ask for the help you want.

The answer to your question, generically, is that yes, it is possible, and done quite often, to create new GPOs that don't interfere with existing machines. OUs, security groups, or WMI filters can all help constraint the new GPO.

But if you want specifics on where you might've gone astray, you have to be willing to share specifics. We can't operate in a vacuum. If you really need detailed help, hire a consultant, have them sign a contract that includes an NDA. All the normal security precaution when entering a B2B relationship.
LVL 80

Accepted Solution

David Johnson, CD, MVP earned 500 total points
ID: 40509626
use a wmi filter for only windows 8.1 machines
select * from Win32_OperatingSystem WHERE Version like "6.3%"

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question