This is a continuation of the previous post, Group Policy - Processing Order. It shows an example of solving a Group Policy task where a particular group policy must be excluded from applying on specific computers.
Let’s start with what we have. There is a parent Organizational Unit called “TEST_OU”. Inside it are the COMPUTERS and USERS OUs, as shown in the screenshot below.
COMPUTERS OU contains computer objects (Computer1 and Computer2) and USERS OU has only user objects (User1 and User2).
Group Policies are configured in the following way - ComputerPolicy1/2 are linked to the COMPUTERS OU and have only Computer Settings configured, UserPolicy1/2 are linked to the USERS OU and have only User Settings configured.
Task: Do not apply UserPolicy2 when User1 or User2 log on to Computer1 and Computer2.
There are 2 ways to solve this task:
1. Link UserPolicy1 to COMPUTERS OU and enable Loopback processing in Replace mode. In this case UserPolicy2 will be ignored.
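2. Use a WMI Filter on UserPolicy2.
Here I will show how to do the second option. The filter below (namespace first, then the query) excludes UserPolicy2 from applying on the Computer1 and Computer2 objects. A WMI filter is evaluated on the computer where the user logs on, and the GPO is applied only if the query returns a result.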
root\CIMv2
SELECT * FROM Win32_ComputerSystem WHERE NOT Name LIKE 'COMPUTER1' AND NOT Name LIKE 'COMPUTER2'
Then link the WMI filter to UserPolicy2.
Now UserPolicy2 shouldn’t be applied when User1 or User2 log on to Computer1/2.
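To check the result on a given machine, the filter's query can be run locally. The script below is an added example, not part of the original post; the helper name Test-WmiFilter is hypothetical, and reporting a failed query as false is a choice made by this helper.

```powershell
# Added example: evaluate the UserPolicy2 WMI filter on the local computer.
# Namespace and query are the ones used in the filter above.
$Namespace = 'root\CIMv2'
$Query     = "SELECT * FROM Win32_ComputerSystem WHERE NOT Name LIKE 'COMPUTER1' AND NOT Name LIKE 'COMPUTER2'"

function Test-WmiFilter {
    # Hypothetical helper: returns $true when the query yields at least one instance.
    param(
        [Parameter(Mandatory)] [string] $Namespace,
        [Parameter(Mandatory)] [string] $Query
    )
    try {
        $rows = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
        return ($rows.Count -gt 0)
    }
    catch {
        # A typo in the query or namespace ends up here; this helper reports it as false.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

$passes = Test-WmiFilter -Namespace $Namespace -Query $Query

# Expected: 'filtered out' on Computer1 and Computer2, 'applies' everywhere else.
[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    FilterIsTrue = $passes
    UserPolicy2  = if ($passes) { 'applies' } else { 'filtered out' }
}

# Compare with what the client did at the last user policy refresh.
gpresult /r /scope:user
```

On Computer1 and Computer2 the gpresult output should list UserPolicy2 among the GPOs that were not applied, with the filtering reason shown as Denied (WMI Filter).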