filtering specific computers from policy

[Ilya]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi all,

I have a lot of sites and several domains. It is purely
Windows 2000 environment.

I am going to set up Group Policy at site level. It will
manage site-related software installation, drive mapping,
and other site-related options.

I don't want to make geographically based OUs, because
it's easer to use natural existing object like site.

I need to exclude servers from computer policy part of
site GPO. I think that I can do it by placing all servers
in security group and use GPO's permissions to denying
this group from apply policy.

Is this solution correct? I've searched the Internet but
could not manage to find if someone did the same thing.

Thank you,
Ilya.

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have done that once on a test OU to deny computer policy to a computer by the
computer name and it worked as shown by Gpresult so it may work for you but be sure
to test it out. Computers by default get permissions to a GPO because they are
members of the authenticated users group. --- Steve

"Ilya" <anonymous@discussions.microsoft.com> wrote in message
news:2369101c45e77$41183080$a401280a@phx.gbl...
> Hi all,
>
> I have a lot of sites and several domains. It is purely
> Windows 2000 environment.
>
> I am going to set up Group Policy at site level. It will
> manage site-related software installation, drive mapping,
> and other site-related options.
>
> I don't want to make geographically based OUs, because
> it's easer to use natural existing object like site.
>
> I need to exclude servers from computer policy part of
> site GPO. I think that I can do it by placing all servers
> in security group and use GPO's permissions to denying
> this group from apply policy.
>
> Is this solution correct? I've searched the Internet but
> could not manage to find if someone did the same thing.
>
> Thank you,
> Ilya.
>