fort78 Posted June 27, 2011

I was wondering how I would apply a GPO to every user on my domain except a specific one... for instance, if I was to edit the Default Domain Policy - how to stop it affecting everyone. I know on 2003, I used to just deny the GPO to the specific user - but unsure of how to go about this on 2008? Help much appreciated
ICTCity Posted June 27, 2011

You can easily disable inheritance, but this affects everyone on the domain. If you want to BLOCK only a user / group you can do this:

Open Group Policy management mmc, select the OU where the policy is applied, select the policy. On the right side, there are 4 tabs, select the last one (I think it is DELEGATION); on the right corner (bottom), click ADVANCED. On the next window, click ADVANCED again and add a new user (the user or group you want to block), now check the box FULL CONTROL on the column DENY. To be honest, you can simply DENY the penultimate setting "APPLY GROUP POLICY", but deny everything just to be sure.

After that you can use GROUP POLICY RESULTS to create a resultant policy which should show you that a specific policy is blocked. (Access denied).

--------------------------------------------------------
You can also write in French. You can also write in German. You can also write in Italian.
--------------------------------------------------------
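
The narrower variant mentioned in the reply above (denying only "Apply group policy" for one account), written out as a PowerShell script. This is an added example, not part of the original thread. It assumes the GroupPolicy and ActiveDirectory modules are available (Server 2008 R2 or later, or RSAT), and `CONTOSO\exempt.user` is a hypothetical placeholder account.

```powershell
# Added example: deny "Apply group policy" on one GPO for one account.
# Assumes the GroupPolicy and ActiveDirectory modules and rights to edit the GPO.
Import-Module GroupPolicy, ActiveDirectory

$gpoName = 'Default Domain Policy'   # GPO named in the question
$account = 'CONTOSO\exempt.user'     # hypothetical placeholder account

# Schema GUID of the "Apply Group Policy" extended right
$applyGpoRight = [Guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

# The GPO's Path property is the DN of its groupPolicyContainer object in AD
$gpo  = Get-GPO -Name $gpoName
$path = 'AD:\' + $gpo.Path

# Resolve the account to a SID so the ACE does not depend on name lookups later
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Deny ACE limited to the Apply Group Policy right (not Full Control)
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Deny,
    $applyGpoRight)

$acl = Get-Acl -Path $path
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

# Check: list every Deny ACE for Apply Group Policy now present on the GPO
(Get-Acl -Path $path).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.ObjectType -eq $applyGpoRight } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```

The final pipeline should show the placeholder account with a Deny entry; a Group Policy Results report for that user should then list the GPO as denied.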
fort78 Posted June 27, 2011

Thanks again for the quick response - I'll give it a try and let you know how I get on :)