difference policies

[Tony WONG]

Default domain policy applied for a long time for a single policy for the
whole domain.
now i wish to classify the workstations into difference policies.

my workstation & login is one of the domain workstation and domain user

but i do not find these groups (domain workstation and domain user) in the
security tab of the default domain policy.
i only find autheniical users, creator owner, domain admin, enterprise
admin, enterprises domain controller, system

my problems are
1. i wish to detach some workstations from the default domain policy
2. add a new policy for those defautl domain policy

Thanks a lot

tony

 

[Tony WONG]

i tried to add a new policy, default the policy from domain computers to
domain server (new group)

bind the new policy to the domain server

it is failed.

i check the result by gpresult. Default domain policy is still being used
and new policy was filtered by WMI.

what's missed? thanks a lot.

tony

 

[Guest]

but i do not find these groups (domain workstation and domain user) in the

security tab of the default domain policy.

You have to add those groups manually. There is by the way no group called
'domain workstation' the one you're looking for is 'domain computers'

1. i wish to detach some workstations from the default domain policy

There are more ways to accomplish this
Method 1:
- create a new security group,
- add the workstation accounts you want to detach to this group
- add the group to the security tab of the default domain policy
- set the 'Apply' permissions for this group to Deny

Method 2:
- create an new OU
- place the workstation accounts you want to detach in this OU
- create a new GPO and configure the settings you want
- Link this GPO to the OU
- Turn on 'block policy inheritance' for the OU

Good luck!

Regards,
Erik

 

[Tony WONG]

Erik

it is fine with Method 1. Thanks a lot for your assistance.

tony