LB1234
asked on
How to block GPO on a single computer in an OU, in W2k8?
There's a particular GPO I'd like to block on a single PC in an OU. How to perform this? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No. If the GPO applies to a computer (the settings are under Computer Configuration), you can not block it by adding a user.
ASKER
Gotcha please look at the attached image. 
Even though this GPO functions properly, you'll notice that there are only user groups listed here, even though it's a computer GPO. According to you, I would expect to see computers here not users. Can you explain how I'm looking at this incorrectly?
Even though this GPO functions properly, you'll notice that there are only user groups listed here, even though it's a computer GPO. According to you, I would expect to see computers here not users. Can you explain how I'm looking at this incorrectly?
The scoping includes authenticated users. This is a misleading group as it actually contains any object that authenticated - including computers.
ASKER
Ahh, I see. Ok so I'll add the computer, run GPupdate, and we should be set. Will let you know soon. Thanks.
From my point of view using the "deny" is not a wise practice. It would be more desirable to set your Security Filtering accordingly. So rather than using "Authenticated Users" you would create a new Security Group (add your users/computers) to this group and add the group to Security Filtering. Then from there when you want to add/remove users/computers from this policy you just remove them from the group.
Will Deny work, yes but if you have other scenarios where you want to do the same thing, it will get messy using the Dent for each individual object.
Will.
Will Deny work, yes but if you have other scenarios where you want to do the same thing, it will get messy using the Dent for each individual object.
Will.
Ahh posted too late.
Will.
Will.
ASKER