none
Filter out computer from receiving domain linked level GPO

    Question

  • I have a GPO linked at the domain level that I DO NOT want applied to a specific workstation inside of an OU in the domain. This will only be applying to this one machine and no others. I have attempted to deny "read" and "apply group policy to this computer account but this is not working. Thoughts/suggestions?
    Wednesday, January 16, 2013 9:10 PM

Answers

  • I have attempted to deny "read" and "apply group policy to this computer account but this is not working. Thoughts/suggestions?

    Contains both user and computer settings- user configs are admin temps and comp configs are power prefs.

    OK, if you want to exclude both sections (User and Computer Config) it is easier to use a WMI Filter instead
    of security filtering.

    SELECT * FROM Win32_ComputerSystem WHERE Name <> 'Computername'

    "Computername" will be the hostname of the workstation that you want do exclude from the policy.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Thursday, January 17, 2013 8:36 PM

All replies

  • Hello,

    Which configuration does the policy contain?
    User- or Computer Configuration?

    About which settings are we talking?
    (Administrative Templates, Security Settings ...)


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Wednesday, January 16, 2013 9:37 PM
  • Hi,

    Please provide more information. User configuration in the GPO couldn't be filtered out after you set the above ACL to some computer.

    Regards,
    Cicely

    Thursday, January 17, 2013 6:03 AM
    Moderator
  • Contains both user and computer settings- user configs are admin temps and comp configs are power prefs. I set the gpo to hibernate the monitors at 10 mins, relogin after screen saver initiated, turn on screen saver at 20 and then remove the ability to configure the screen saver settings.
    Thursday, January 17, 2013 1:38 PM
  • I have attempted to deny "read" and "apply group policy to this computer account but this is not working. Thoughts/suggestions?

    Contains both user and computer settings- user configs are admin temps and comp configs are power prefs.

    OK, if you want to exclude both sections (User and Computer Config) it is easier to use a WMI Filter instead
    of security filtering.

    SELECT * FROM Win32_ComputerSystem WHERE Name <> 'Computername'

    "Computername" will be the hostname of the workstation that you want do exclude from the policy.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Thursday, January 17, 2013 8:36 PM