Re: Unable to Block Group Policy Inheritance



On Jan 12, 10:15 am, "Florian Frommherz [MVP]"
<flor...@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Howdie!

bcros...@xxxxxxxxx wrote:
Hello,
I am running a Windows 2003 Server Standard SP2 Domain Controller.  I
have a group policy named Login that is at the user level that maps
two drives for end users on an OU named Accounts.  I have another OU
named Servers that I want to block the inheritance of the group policy
named Login.  I have checked Block Inheritance on the OU named Servers
yet the policy is not blocked when I log in to one of my servers.  The
OU Servers is not a child object (beneath) Accounts.  I need to block
the group policy from my servers.
Any thoughts on how to do this?  Is it possible to block a group
policy that applies to users on a computer level?
I hope this makes sense.

That's because you have a user configuration policy - and it applies to
the user, not the machine. This means that you cannot block inheritance
on the server/machine level. Apart from that, blocking inheritance like
you used it would also need the ServersOU to be a child OU of the AccountsOU.

Have a look at "loopback processing mode" of Group Policy. Enable
loopback on the ServersOU and set it to replace. That should stop the
script from running. Thoroughly read what loopback is and what it does.
It can have an impact on Group Policy processing speed and other policies
of users logging on to the machines:

http://support.microsoft.com/kb/231287
http://technet.microsoft.com/en-us/library/cc757470.aspx
http://technet.microsoft.com/en-us/library/cc782810.aspx

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

Thank you for your quick and thorough reply. Your suggestion worked
perfectly.
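
A simplified model of the behaviour discussed in this thread, added here as an illustration and not part of the original posts: it computes which GPOs supply user settings at logon, with and without loopback. The example.test domain, the account and server names, and the "Server Lockdown" GPO are constructed; sites, Enforced links and security/WMI filtering are left out.

```python
# Simplified model (added example): which GPOs supply *user* settings at logon.
# Not modelled: sites, Enforced links, security/WMI filtering.

def containers(dn):
    """Containers above an object, domain root first, nearest OU last."""
    rdns = dn.split(",")[1:]                 # drop the object's own RDN
    out = []
    for i, rdn in enumerate(rdns):
        out.append(",".join(rdns[i:]))
        if rdn.upper().startswith("DC="):    # reached the domain root
            break
    return out[::-1]

def gpos_in_scope(dn, links, blocked):
    """GPOs linked along the object's path, honouring Block Inheritance."""
    scope = []
    for c in containers(dn):
        if c in blocked:
            scope = []                       # drop everything linked above
        scope += links.get(c, [])
    return scope

def user_policy_gpos(user_dn, computer_dn, links, blocked, loopback=None):
    """GPO list used for the User Configuration half of policy."""
    from_user = gpos_in_scope(user_dn, links, blocked)
    from_computer = gpos_in_scope(computer_dn, links, blocked)
    if loopback == "replace":                # computer's location only
        return from_computer
    if loopback == "merge":                  # user's list, then computer's
        return from_user + from_computer
    return from_user                         # default: user's location only

# Constructed sample directory; "Login" is the GPO named in the thread.
DOMAIN = "DC=example,DC=test"
LINKS = {f"OU=Accounts,{DOMAIN}": ["Login"],
         f"OU=Servers,{DOMAIN}": ["Server Lockdown"]}
BLOCKED = {f"OU=Servers,{DOMAIN}"}           # Block Inheritance ticked here
USER = f"CN=alice,OU=Accounts,{DOMAIN}"
SERVER = f"CN=SRV01,OU=Servers,{DOMAIN}"

if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        print(mode, user_policy_gpos(USER, SERVER, LINKS, BLOCKED, mode))
```

With no loopback the result is only Login, because the list is built from the user's OU and Block Inheritance on Servers is never consulted; replace mode builds the list from the server's OU instead.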