Group Policy 2

[Freemo]

Hi,

Does anyone out there know if i can stop group policy from applying to a particular computer and if so how do i go about it?

Many thanks

 

[lhuegele]

I don't understand why you would ever want to do such a thing, but one way springs to my mind - remove it from the domain all together.

Good luck,

 

[LawnBoy]

Or move the computer to an OU that's outside the scope of the GPO.

"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[Freemo]

Perhaps i should have explained at the start why i want to do it. I have 2 application servers and i do not want to run users log in scripts when they log in to the application servers but i do want to run them when they log in to their local machine.

The application servers are already in a seperate OU with no group policy applied but the logon scripts still run, presumably because they are assigned to the user.

 

[AaronBeau]

The best way to go about group policy not applying to certain objects would be to organize your Active Directory into OU's.

In your case, I would create an OU for Servers, Desktops, and then another OU called "Above the Law Computers" (probably not a good idea to actually use this name).

From Group Policy Management, right click on Above the Law Computers and select 'Block Inheritance'. This will block any group policy to objects within this OU.

--------
Something else to consider, if there is some policy that you would want to be pushed out to EVERYTHING, you would want to make a Group Policy object and make sure it is 'Enforced'. Enforced will be applied even if there is a block inheritance.


Hope this helps.

 

[AaronBeau]

I should probably have added this link for the Group Policy Management Console.

http://www.microsoft.com/downloads/...24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en