Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: High
  • Security: Public
  • Views: 72
  • Last Modified:

Guides on creating group policy exclusions and filters

Up until now most all of the group policies I have created have been assigned to all authenticated users.

I'm now looking for guides and references on how to create group policy exclusions within Server 2016 so certain users or computers can be excluded from certain group policies.

Please provide me with references and guides on how to do this.
0
IT Guy
Asked:
IT Guy
2 Solutions
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
So, think of Group Policies as like folder permissions.  That Is the best way I can describe it.

So, by default, Authenticated Users get a new policy that is created. Lets say that this policy I create is a screen saver policy, but I only want users in the Sales Group to have it.  I could go into the Scope of the policy and Add the Sales group to the Security Filtering and take out Authenticated users.  Thus, the policy will only be applied to the Sales Group.  This is probably the simplest explanation I can give.

A great reference for group policy is by Jeremy Moskowitz, Group Policy.

Here is a good video. The author is a little hard to understand sometimes, but he explains it very well.

https://www.youtube.com/watch?v=1zmuOfxHM14
0
 
arnoldCommented:
Adding to Steve's comment using security filtering, you could also use WMI filters.
Since you mention exclusionary, you would potentially still have authenticated_users in the security filter, and use WMI filters to exclude application of the GPO based on either a computer or user parameter.....

You could under the security tab add a security group and deny it rights to view the GPO under delegation, advanced you can deny a user or a security group rights. note this way of managing/controlling access might not be easily determinable down the line. compared to the security filter and wmi filter.

ref WMI FILTER https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/

https://www.experts-exchange.com/questions/22930217/Selecting-Group-Members-using-WMI-Filters-for-GPOs.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now