Apply User policies by computer domain

    Question

  • We are deploying new Windows 10 PCs to a new domain under the existing empty forest root. User objects will remain in the old "network.local" domain. The existing user GPOs were made for Windows 7 and earlier, but apply mostly to all users in that domain.

    We have some new User GPOs for Win10 that we would like to apply to users who log in to a Windows 10 computer. However, when they log in to a Windows 7 PC, they should get the existing policies. The existing policies should NOT be applied to users who log in to Windows 10.

    Windows 10 computers are members of the new domain.

    We are struggling to find a method to make this happen. Any input toward a solution would be greatly appreciated.

    Wednesday, June 01, 2016 11:31 PM

Answers

  • Hi RadioActiveLamb,

    Thanks for your post.

    You could right-click the NewDomain.com and check Block Inheritance in Group Policy Management to achieve your goal.

    You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level.

    Additional considerations

    1. To complete this procedure, you must have Link GPOs permission for the domain or OU.
    2. If a domain or OU is set to block inheritance, it will appear with a blue exclamation mark in the console tree.
    3. GPO links that are enforced cannot be blocked from the parent container.

    For more information about block inheritance, you could refer to the article below.

    Block Inheritance

    https://technet.microsoft.com/en-us/library/cc731076(v=ws.11).aspx

    In addition, you could create WMI filters for the different OSes in the forest root domain.

    select * from Win32_OperatingSystem where Version like "6.0%" and ProductType="1"

    OS                                         Version pattern
    Windows Server 2008 R2 or Windows 7        6.1%
    Windows Server 2012 R2 or Windows 8.1      6.3%
    Windows 10                                 10%
    Windows XP                                 5.1%
    Windows Server 2003                        5.2%

    ProductType 1 = Desktop OS
    ProductType 2 = Server OS (domain controller)
    ProductType 3 = Server OS (not a domain controller)

    For more information, you could refer to the article below.

    Create WMI Filters for the GPO

    https://technet.microsoft.com/en-us/library/cc947846(v=ws.10).aspx

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, June 02, 2016 1:56 AM
    Moderator
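
Added example (not part of the reply above or of Microsoft's documentation): a Windows PowerShell check that runs the WQL queries described in the answer against the local computer, since a GPO with a WMI filter applies only where the filter's query returns at least one instance. The function name `Test-WmiFilterQuery` and the filter labels are made up for this illustration; `Get-WmiObject` is used so the script also runs in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: evaluate candidate GPO WMI filter queries on this computer
# before attaching them to a GPO. Run it once on a Windows 7 PC and once on
# a Windows 10 PC and compare the results.

# Constructed filter set; version prefixes are taken from the table in the answer.
$filters = @(
    @{ Name  = 'Windows 7 clients'
       Query = 'select * from Win32_OperatingSystem where Version like "6.1%" and ProductType="1"' },
    @{ Name  = 'Windows 10 clients'
       Query = 'select * from Win32_OperatingSystem where Version like "10%" and ProductType="1"' }
)

function Test-WmiFilterQuery {
    # Hypothetical helper: returns $true when the query matches at least one instance.
    param(
        [Parameter(Mandatory = $true)][string]$Query,
        [string]$Namespace = 'root\CIMv2'
    )
    try {
        $hits = @(Get-WmiObject -Namespace $Namespace -Query $Query -ErrorAction Stop)
        return ($hits.Count -gt 0)
    }
    catch {
        # Surface a malformed query instead of silently reporting "no match".
        Write-Warning ("Query failed: {0} ({1})" -f $Query, $_.Exception.Message)
        return $false
    }
}

# Show the values the filters are compared against.
$os = Get-WmiObject -Class Win32_OperatingSystem
"Local OS: {0} (Version {1}, ProductType {2})" -f $os.Caption, $os.Version, $os.ProductType

# One result row per candidate filter.
foreach ($f in $filters) {
    New-Object PSObject -Property @{
        Filter  = $f.Name
        Applies = Test-WmiFilterQuery -Query $f.Query
        Query   = $f.Query
    } | Select-Object Filter, Applies, Query
}
```
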

All replies

  • Hi,

    Are there any updates?

    Best Regards,

    Jay


    Thursday, June 16, 2016 1:58 AM
    Moderator