Deny Group Policy
I'm wanting to deny a policy to a computer. I have a number of PC's in an OU but there is 1 PC in the department that I do not want the policy to be applied to. Now I could go down the route of reorganising my AD structure but it's going to complicate it and it's a bit needless if I can do, as I could in 2003 server deny the policy application to a PC/Group.
Can I do it under the deligation tab? The scope tab just lists who the policy is appied to...
Delegation then Advanced button should put you on familiar ground ;)
Well yesterday I thought it was there and today when I looked it turns out that not only is it there but I had already set up the security to block it. It turns out it stopped working.....
I made changes to another policy (Policy 2) on that OU and enabled group policy loopback processing in merge mode. For some reason, despite being blocked from reading and applying the policy in question (Policy 1) it still applied. when I disabled loopback processing on policy 2, policy 1 stopped being applied. How strange. And irritating.
I have to say I am experiencing similar things with loopback and my ts policies. Hmmmmm
Originally Posted by Stuart_C
Have we found an actual bug? Or are we both making the same mistake? :)
Have never checked, but I would definitely expect loopback GPOs to be processed in the User context, so security-filtering loopback GPOs for one or more computers will not have any effect.