Do not apply GPO to one machine in an OU

[Guest]

How can I not apply a GPO to one computer in my OU?

 

[Matjaz Ladava [MVP]]

1. Create a security group for computers to which you want to apply GPO,
2. put all but one computer (the one that you don't want GPO to be applied
to) in that security groups,
3. edit GPO security settings and remove Authenticated users from reading
and applying GPO's
4. Add your security group rights to read and apply GPO

--
Regards

Matjaz Ladava, ladava.com
MCSA, MCSE, MCT
Microsoft MVP Windows Server - Directory Services
e-mail: (e-mail address removed), (e-mail address removed)

 

[Kenneth MacDonald]

1. Create a security group for computers to which you want to apply GPO,
2. put all but one computer (the one that you don't want GPO to be applied
to) in that security groups,
3. edit GPO security settings and remove Authenticated users from reading
and applying GPO's
4. Add your security group rights to read and apply GPO

Alternatively, and perhaps more simply ...

1) Create a security group for the computer(s) you don't wish to apply the
GPO to.
2) Edit the GPO's delegation tab (Advanced) and Add a Deny Apply for that
group.

Cheers,

Kenny.

 

[Cary Shultz [A.D. MVP]]

I usually like to avoid using DENY.......you end up getting a lot of log
events - among other things.

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com