filtering specific computers from policy
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hi all,
I have a lot of sites and several domains. It is purely
Windows 2000 environment.
I am going to set up Group Policy at site level. It will
manage site-related software installation, drive mapping,
and other site-related options.
I don't want to make geographically based OUs, because
it's easer to use natural existing object like site.
I need to exclude servers from computer policy part of
site GPO. I think that I can do it by placing all servers
in security group and use GPO's permissions to denying
this group from apply policy.
Is this solution correct? I've searched the Internet but
could not manage to find if someone did the same thing.
Thank you,
Ilya.
Hi all,
I have a lot of sites and several domains. It is purely
Windows 2000 environment.
I am going to set up Group Policy at site level. It will
manage site-related software installation, drive mapping,
and other site-related options.
I don't want to make geographically based OUs, because
it's easer to use natural existing object like site.
I need to exclude servers from computer policy part of
site GPO. I think that I can do it by placing all servers
in security group and use GPO's permissions to denying
this group from apply policy.
Is this solution correct? I've searched the Internet but
could not manage to find if someone did the same thing.
Thank you,
Ilya.
More about : filtering specific computers policy
Archived from groups: microsoft.public.win2000.group_policy (More info?)
I have done that once on a test OU to deny computer policy to a computer by the
computer name and it worked as shown by Gpresult so it may work for you but be sure
to test it out. Computers by default get permissions to a GPO because they are
members of the authenticated users group. --- Steve
"Ilya" <anonymous@discussions.microsoft.com> wrote in message
news:2369101c45e77$41183080$a401280a@phx.gbl...
> Hi all,
>
> I have a lot of sites and several domains. It is purely
> Windows 2000 environment.
>
> I am going to set up Group Policy at site level. It will
> manage site-related software installation, drive mapping,
> and other site-related options.
>
> I don't want to make geographically based OUs, because
> it's easer to use natural existing object like site.
>
> I need to exclude servers from computer policy part of
> site GPO. I think that I can do it by placing all servers
> in security group and use GPO's permissions to denying
> this group from apply policy.
>
> Is this solution correct? I've searched the Internet but
> could not manage to find if someone did the same thing.
>
> Thank you,
> Ilya.
>
I have done that once on a test OU to deny computer policy to a computer by the
computer name and it worked as shown by Gpresult so it may work for you but be sure
to test it out. Computers by default get permissions to a GPO because they are
members of the authenticated users group. --- Steve
"Ilya" <anonymous@discussions.microsoft.com> wrote in message
news:2369101c45e77$41183080$a401280a@phx.gbl...
> Hi all,
>
> I have a lot of sites and several domains. It is purely
> Windows 2000 environment.
>
> I am going to set up Group Policy at site level. It will
> manage site-related software installation, drive mapping,
> and other site-related options.
>
> I don't want to make geographically based OUs, because
> it's easer to use natural existing object like site.
>
> I need to exclude servers from computer policy part of
> site GPO. I think that I can do it by placing all servers
> in security group and use GPO's permissions to denying
> this group from apply policy.
>
> Is this solution correct? I've searched the Internet but
> could not manage to find if someone did the same thing.
>
> Thank you,
> Ilya.
>
Related ressources:
- ForumApplying User Policy to specific computers ...
- ForumSecurity Filtering for specific "Links" instead of "GPO"
- ForumHow do I restrict a group policy to apply on specific clie..
- ForumLocal group policy filtering problem
- ForumBlock group policy to a single computer?
- ForumIPSEC not blocking specific IP address per Ethereal
- ForumGroup Policy !! Changing settings for only a specific user ..
- ForumGroup Policy Setup
- ForumGroup policy to restrict who Recieves an IP from DHCP???
- ForumUsing Group Policy to give install permission
- ForumIPSec Policy Doesn't Really Block
- ForumNetwork Logon Issues with Group Policy and Network
- ForumNew Builder with Specific Needs, Overdue Upgrade
- ForumAssiging Group Policy to 1 GROPUP
- ForumApplying a policy to a group
- ForumDeny policy not working
- ForumGPResult lists machine policy as "Denied (Security)." Don'..
- ForumParallel and com ports not appearing in device manager
- ForumPassword Policy
- ForumApplying Security Policy Takes Forever
- More resources
!
