Re: Preventing GP from being pushed down to a selective machine
- From: Scrivnet78 <Scrivnet78@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Nov 2008 09:55:01 -0800
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 11/18/2008 at 10:51:24 AM
RSOP results for LOCAL\FedEx on FEDEX-NUO68S637 : Logging Mode
---------------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: LOCAL
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\FedEx
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=FEDEX-NUO68S637,OU=no policy push,DC=test,DC=local
Last time Group Policy was applied: 11/18/2008 at 9:39:01 AM
Group Policy was applied from: names.test.local
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
TestForNoPush
Filtering: Not Applied (Empty)
Default Domain Policy
Filtering: Disabled (Link)
Default Domain Controllers Policy
Filtering: Not Applied (Unknown Reason)
KAgentDeployment
Filtering: Not Applied (Unknown Reason)
Default Domain Policy
Filtering: Not Applied (Unknown Reason)
Local Group Policy
Filtering: Not Applied (Empty)
TestForNoPush
Filtering: Disabled (Link)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
FEDEX-NUO68S637$
Domain Computers
Resultant Set Of Policies for Computer:
----------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: N/A
GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: N/A
GPO: Default Domain Policy
Policy: LockoutDuration
Computer Setting: 60
GPO: Default Domain Policy
Policy: ResetLockoutCount
Computer Setting: 15
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: N/A
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: 3
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 42
Audit Policy
------------
GPO: Default Domain Policy
Policy: AuditAccountLogon
Computer Setting: Success, Failure
User Rights
-----------
N/A
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
GPO: Default Domain Policy
ServiceName: MpsSvc
Startup: Automatic
GPO: Default Domain Policy
ServiceName: SharedAccess
Startup: Automatic
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: disabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272edfb-af9f-4ddf-b65b-e4282f2deefc}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: disabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868b733-4b3a-48f8-9136-aa6d05d4fc83}
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Default Domain Policy
Setting:
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
USER SETTINGS
--------------
CN=FedEx,OU=no policy push,DC=test,DC=local
Last time Group Policy was applied: 11/18/2008 at 10:26:36 AM
Group Policy was applied from: names.test.local
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
TestForNoPush
Filtering: Not Applied (Empty)
Default Domain Policy
Filtering: Disabled (Link)
Default Domain Controllers Policy
Filtering: Not Applied (Empty)
KAgentDeployment
Filtering: Not Applied (Unknown Reason)
Default Domain Policy
Filtering: Not Applied (Unknown Reason)
Local Group Policy
Filtering: Not Applied (Empty)
TestForNoPush
Filtering: Disabled (Link)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Internet Users
ProxySG Users
_Web Anonymous Users
WINS Users
DHCP Users
Resultant Set Of Policies for User:
------------------------------------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled
GPO: Default Domain Policy
Setting: Software\Policies\Microsoft\Windows\System
State: Enabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
GPO: Default Domain Policy
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: test
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
----------------------------
HTTP Proxy Server: N/A
Secure Proxy Server: 192.168.100.76:8080
FTP Proxy Server: 192.168.100.76:8080
Gopher Proxy Server: 192.168.100.76:8080
Socks Proxy Server: 192.168.100.76:8080
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No
Internet Explorer URLs
----------------------
GPO: Default Domain Policy
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Default Domain Policy
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
--------------------------
GPO: Default Domain Policy
Import the current Program Settings: No
"Meinolf Weber" wrote:
Hello Scrivnet78,.
If you run gpresult /v on the machines in that OU without linked policies
and disabled inheritance, what is the result? Please post it here.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
So is the way I went about it the most effective way to get what i
need accomplished?
"Meinolf Weber" wrote:
Hello Scrivnet78,
At least the password policy will be applied, if you check "block
inheritance" doesn't matter.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I have several machines that I need on my domain, but I need to
prevent ALL policies from being pushed down, including the default.
Is there a way to do this?
I made a different OU, moved the computers into them and made a new
generic policy, then linked it in GPMC and then went into the
properties of the OU and told it to not allow inheritance and to
only allow my generic policy. This still didn't seem to work.
- Follow-Ups:
- Re: Preventing GP from being pushed down to a selective machine
- From: Meinolf Weber
- Re: Preventing GP from being pushed down to a selective machine
- From: Florian Frommherz [MVP]
- Re: Preventing GP from being pushed down to a selective machine
- References:
- Preventing GP from being pushed down to a selective machine
- From: Scrivnet78
- Re: Preventing GP from being pushed down to a selective machine
- From: Meinolf Weber
- Re: Preventing GP from being pushed down to a selective machine
- From: Scrivnet78
- Re: Preventing GP from being pushed down to a selective machine
- From: Meinolf Weber
- Preventing GP from being pushed down to a selective machine
- Prev by Date: Re: Service Connection Point (SCP) Best Practices
- Next by Date: Re: GPPrep in Windows 2008
- Previous by thread: Re: Preventing GP from being pushed down to a selective machine
- Next by thread: Re: Preventing GP from being pushed down to a selective machine
- Index(es):
