Archived from groups: microsoft.public.win2000.active_directory (More info?)
How can I not apply a GPO to one computer in my OU?
How can I not apply a GPO to one computer in my OU?
Do not apply GPO to one machine in an OU
- Thread starter Greg
- Start date
-
- Tags
- Windows XP
Archived from groups: microsoft.public.win2000.active_directory (More info?)
1. Create a security group for computers to which you want to apply GPO,
2. put all but one computer (the one that you don't want GPO to be applied
to) in that security groups,
3. edit GPO security settings and remove Authenticated users from reading
and applying GPO's
4. Add your security group rights to read and apply GPO
--
Regards
Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: matjaz@ladava.com, matjazl@mvps.org
"Greg" <Greg@discussions.microsoft.com> wrote in message
news:7DFF0537-8ACB-4D5B-A049-3749310500C2@microsoft.com...
> How can I not apply a GPO to one computer in my OU?
1. Create a security group for computers to which you want to apply GPO,
2. put all but one computer (the one that you don't want GPO to be applied
to) in that security groups,
3. edit GPO security settings and remove Authenticated users from reading
and applying GPO's
4. Add your security group rights to read and apply GPO
--
Regards
Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: matjaz@ladava.com, matjazl@mvps.org
"Greg" <Greg@discussions.microsoft.com> wrote in message
news:7DFF0537-8ACB-4D5B-A049-3749310500C2@microsoft.com...
> How can I not apply a GPO to one computer in my OU?
Archived from groups: microsoft.public.win2000.active_directory (More info?)
On Fri, 11 Feb 2005 17:58:21 +0100, Matjaz Ladava [MVP] wrote:
> 1. Create a security group for computers to which you want to apply GPO,
> 2. put all but one computer (the one that you don't want GPO to be applied
> to) in that security groups,
> 3. edit GPO security settings and remove Authenticated users from reading
> and applying GPO's
> 4. Add your security group rights to read and apply GPO
Alternatively, and perhaps more simply ...
1) Create a security group for the computer(s) you don't wish to apply the
GPO to.
2) Edit the GPO's delegation tab (Advanced) and Add a Deny Apply for that
group.
Cheers,
Kenny.
On Fri, 11 Feb 2005 17:58:21 +0100, Matjaz Ladava [MVP] wrote:
> 1. Create a security group for computers to which you want to apply GPO,
> 2. put all but one computer (the one that you don't want GPO to be applied
> to) in that security groups,
> 3. edit GPO security settings and remove Authenticated users from reading
> and applying GPO's
> 4. Add your security group rights to read and apply GPO
Alternatively, and perhaps more simply ...
1) Create a security group for the computer(s) you don't wish to apply the
GPO to.
2) Edit the GPO's delegation tab (Advanced) and Add a Deny Apply for that
group.
Cheers,
Kenny.
Archived from groups: microsoft.public.win2000.active_directory (More info?)
I usually like to avoid using DENY.......you end up getting a lot of log
events - among other things.
--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Kenneth MacDonald" <K.MacDonald@ed.ac.uk> wrote in message
news
an.2005.02.14.15.13.09.984506@ed.ac.uk...
> On Fri, 11 Feb 2005 17:58:21 +0100, Matjaz Ladava [MVP] wrote:
>
>> 1. Create a security group for computers to which you want to apply GPO,
>> 2. put all but one computer (the one that you don't want GPO to be
>> applied
>> to) in that security groups,
>> 3. edit GPO security settings and remove Authenticated users from reading
>> and applying GPO's
>> 4. Add your security group rights to read and apply GPO
>
> Alternatively, and perhaps more simply ...
>
> 1) Create a security group for the computer(s) you don't wish to apply the
> GPO to.
> 2) Edit the GPO's delegation tab (Advanced) and Add a Deny Apply for that
> group.
>
> Cheers,
>
> Kenny.
>
>
I usually like to avoid using DENY.......you end up getting a lot of log
events - among other things.
--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Kenneth MacDonald" <K.MacDonald@ed.ac.uk> wrote in message
news
an.2005.02.14.15.13.09.984506@ed.ac.uk...> On Fri, 11 Feb 2005 17:58:21 +0100, Matjaz Ladava [MVP] wrote:
>
>> 1. Create a security group for computers to which you want to apply GPO,
>> 2. put all but one computer (the one that you don't want GPO to be
>> applied
>> to) in that security groups,
>> 3. edit GPO security settings and remove Authenticated users from reading
>> and applying GPO's
>> 4. Add your security group rights to read and apply GPO
>
> Alternatively, and perhaps more simply ...
>
> 1) Create a security group for the computer(s) you don't wish to apply the
> GPO to.
> 2) Edit the GPO's delegation tab (Advanced) and Add a Deny Apply for that
> group.
>
> Cheers,
>
> Kenny.
>
>
Facebook
Twitter
Instagram