Re: MACHINE ACCOUNT filtering of group policy
From: Jimmy Andersson [MVP] (jimmy_noSpam__at_mvps.org)
Date: 05/12/04
- Next message: AT: "GPO applied, but not visible!"
- Previous message: JayDee: "MACHINE ACCOUNT filtering of group policy"
- In reply to: JayDee: "MACHINE ACCOUNT filtering of group policy"
- Next in thread: JayDee: "Re: MACHINE ACCOUNT filtering of group policy"
- Reply: JayDee: "Re: MACHINE ACCOUNT filtering of group policy"
Date: Wed, 12 May 2004 13:57:30 +0200
Have you thought about using Loopback processing instead?
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------

"JayDee" <Darius_Falt@hotmail.com> wrote in message
news:eGMNeIBOEHA.1104@TK2MSFTNGP10.phx.gbl...
> Hi all
>
> Can anyone tell me if it's possible to filter group policy within an OU by
> MACHINE?
>
> I can filter by user, no problem. - create a group containing exempted
> users, and set permission on the GP object to "deny apply group policy" -
> works a treat
>
> but when I tried using a similar procedure with machine accounts, it didn't
> appear to work - the policies still get applied
>
> I'm trying to prevent some specific machines from applying certain GP
> objects, - both machine and user settings within the object must be
> prevented from being applied
> specifically I'm trying to stop a couple of machines from getting machine /
> user software installation settings
>
> I don't really want to alter the structure of my organisation and start
> creating OUs for exception objects, because it works pretty well as it is,
> and I only have a handful of exceptions that I'd rather filter on some kind
> of 'security group' basis
>
> I've tried creating a security group that contains the machine accounts
> where I don't want to apply policy.
> I've then added this security group into the permissions for the GP Object,
> with DENY READ, and DENY APPLY GROUP POLICY
>
> reboot the machine - the policy is still applied :~
>
> I was thinking perhaps it's not possible to do with machine accounts in groups
> 'per-se'
> maybe I have to do a WMI filter or something?
>
> would this be a correct assumption?
>
> any help appreciated.
>
> indebted to your guru-ness, as always ;)
>
> J