[gptalk] Re: Group Policy and WMI question

  • From: "Jason Williams" <jason.williams14@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Tue, 29 Jan 2008 08:48:03 -0800

Hi Darren,

That was it. Simple reboot fixed it.
Thanks.

Jason

On Jan 28, 2008 4:50 PM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:

>  Jason-
>
> The other possibility is that the computer has not picked up its new group
> membership. In fact, only a reboot will refresh the workstation's token with
> the new group information.
>
>
>
> Darren
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jason Williams
> *Sent:* Monday, January 28, 2008 4:28 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Group Policy and WMI question
>
>
>
> Appreciate the help. I started to work on this today.
>
> I did as you followed and created a special group that and dropped that
> specific workstation into that group.
> Under that GPO Security tab, I added that group and selected to DENY for
> "Apply Group Policy".
>
> However, doing a gpresult still shows that the policy is being applied.
> I thought as well, that when you deny a policy, that is it.
>
> The only other thing I can think of is that I do have a WMI filter on that
> is set to only apply this particular policy to Windows XP machines, and the
> machine I am trying to deny it to, is XP. That might be conflicting as I
> think about it.
>
> I appreciate the help.
>
> Jason
>
>  On Jan 15, 2008 9:54 AM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx>
> wrote:
>
> The simple way is to use Security filtering.
>
>
>
> Create a group called something like "No_Firewall_Policy_Machines", add
> the workstation to that group and then on the GPO Security tab (delegation
> in GPMC) you can Deny "Apply Group Policy" for that group.
>
>
>
> You could turn around that method – so the policy would apply only to a
> particular group with all of your domain computers except that particular
> machine (in this case remember to remove the Authenticated Users group)… But
> in your case Deny-method might be easier.
>
>
>
> /Jakob
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jason Williams
> *Sent:* 15. januar 2008 18:40
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Group Policy and WMI question
>
>
>
> I have a group policy for Windows XP Firewall that is set to all of our
> desktop computers. I also put in a WMI filter that says to only apply this
> policy to Windows XP machines and not Vista machines (was causing issues
> when we did this.)
>
> Anyway, I have been given a request to see if it is possible to have one
> specific computer that is running XP, excluded from this particular group
> policy. Is this something I can do? Perhaps done through WMI or another
> method? I just started to look into this, so I am open to any suggestions.
>
> I appreciate it.
>
> Jason
>
>
>

Other related posts: