[gptalk] Re: Group Policy and WMI question

  • From: "Jason Williams" <jason.williams14@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 28 Jan 2008 16:28:02 -0800

Appreciate the help. I started to work on this today.

I did as you followed and created a special group and dropped that
specific workstation into that group.
Under that GPO Security tab, I added that group and selected to DENY for
"Apply Group Policy".

However, doing a gpresult still shows that the policy is being applied.
I thought as well, that when you deny a policy, that is it.

The only other thing I can think of is that I do have a WMI filter on that,
which is set to only apply this particular policy to Windows XP machines, and
the machine I am trying to deny it to is XP. That might be conflicting as I
think about it.

I appreciate the help.

Jason


On Jan 15, 2008 9:54 AM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx> wrote:

> The simple way is to use Security filtering.
>
> Create a group called something like "No_Firewall_Policy_Machines", add
> the workstation to that group and then on the GPO Security tab (delegation
> in GPMC) you can Deny "Apply Group Policy" for that group.
>
> You could turn around that method – so the policy would apply only to a
> particular group with all of your domain computers except that particular
> machine (in this case remember to remove the Authenticated Users group)… But
> in your case Deny-method might be easier.
>
> /Jakob
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jason Williams
> *Sent:* 15. januar 2008 18:40
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Group Policy and WMI question
>
> I have a group policy for Windows XP Firewall that is set to all of our
> desktop computers. I also put in a WMI filter that says to only apply this
> policy to Windows XP machines and not Vista machines (was causing issues
> when we did this.)
>
> Anyway, I have been given a request to see if it is possible to have one
> specific computer that is running XP, excluded from this particular group
> policy. Is this something I can do? Perhaps done through WMI or another
> method? I just started to look into this, so I am open to any suggestions.
>
> I appreciate it.
>
> Jason
>
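
A read-only check of the deny-based security filtering described in this thread, added here as an example and not code from either poster: it reports whether the GPO carries a Deny entry for "Apply Group Policy" on the exclusion group, whether the workstation is a member of that group, and which WMI filter is linked. The GPO and computer names are placeholders, the function name is hypothetical, and the ActiveDirectory and GroupPolicy PowerShell modules are assumed to be installed.

```powershell
# Added example; does not modify the GPO, the group or the computer account.
Import-Module ActiveDirectory, GroupPolicy

# GUID of the "Apply Group Policy" extended right in Active Directory
$ApplyGroupPolicy = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

function Test-GpoDenyFilter {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $ComputerName
    )
    $gpo      = Get-GPO -Name $GpoName
    $group    = Get-ADGroup -Identity $GroupName
    $computer = Get-ADComputer -Identity $ComputerName

    # Read the ACL of the GPO's directory object, with identities returned as SIDs
    $acl   = Get-Acl -Path "AD:\$($gpo.Path)"
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    # Deny entry for the "Apply Group Policy" right that names the exclusion group
    $denyAce = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.ObjectType -eq $ApplyGroupPolicy -and
        $_.IdentityReference.Value -eq $group.SID.Value
    }

    # Direct or nested membership of the workstation in the exclusion group
    $member = Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.SID.Value -eq $computer.SID.Value }

    [pscustomobject]@{
        Gpo             = $gpo.DisplayName
        WmiFilter       = if ($gpo.WmiFilter) { $gpo.WmiFilter.Name } else { $null }
        DenyAcePresent  = [bool]$denyAce
        ComputerInGroup = [bool]$member
    }
}

# Placeholder GPO and computer names; the group name is the one suggested in the thread.
Test-GpoDenyFilter -GpoName 'XP Firewall Policy' `
    -GroupName 'No_Firewall_Policy_Machines' -ComputerName 'WS-PLACEHOLDER'
```

If both `DenyAcePresent` and `ComputerInGroup` are true and gpresult still lists the policy, check whether the workstation has restarted since it was added to the group, because a computer's group memberships are read at startup.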