Question : Using a security group to deny access to default domain policy
I have automatic updates configured in our default domain policy and I'd like to exclude our production servers from it. I set up a security group and added all the computer accounts for the servers I want excluded. Then I added that security group to the group policy and checked deny apply policy. When I do a gpupdate and gpresult it still shows that it's applying the default domain policy. On the other hand, if I add just a single machine account to the ACL of the default domain policy and check the deny apply group policy it works as expected. When I run gpresult it shows that it's been blocked by the ACL.
Why won't this work with a security group containing the machine accounts?
Answer : Using a security group to deny access to default domain policy
Hi shanna1017,
Group policies are applied to OUs and only affect Computer or User objects within the OU (or a child OU) - They are not applied to Security or Distro Groups.
You should create a separate OU for your production servers to be placed in and then block inheritance of the default GPO to that OU.
Cheers!
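
The OU approach from the answer above, scripted as an added example (not part of the original thread). The domain DN, OU name and group name are placeholder assumptions. Blocking inheritance on an OU stops every non-enforced GPO linked above it, not only the default domain policy, so any settings the servers still need have to be linked at the new OU.

```powershell
# Added example; all names below are placeholders, not values from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn  = 'DC=example,DC=com'        # assumption: placeholder domain
$ouName    = 'Production Servers'       # assumption: hypothetical OU name
$groupName = 'Prod-Update-Exclusions'   # assumption: hypothetical group holding the server accounts
$ouDn      = "OU=$ouName,$domainDn"

# 1. Create the OU directly under the domain root if it is not there yet.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
                -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Move every computer account in the group into the OU.
Get-ADGroupMember -Identity $groupName |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object {
        Move-ADObject -Identity $_.DistinguishedName -TargetPath $ouDn
    }

# 3. Block GPO inheritance on the OU.
Set-GPInheritance -Target $ouDn -IsBlocked Yes | Out-Null

# 4. Verify: the flag should read True, and any GPO still listed as
#    inherited is one that is enforced higher up and therefore still applies.
$inheritance = Get-GPInheritance -Target $ouDn
"Inheritance blocked: $($inheritance.GpoInheritanceBlocked)"
$inheritance.InheritedGpoLinks |
    Select-Object DisplayName, Enforced, Order |
    Format-Table -AutoSize

# 5. On one of the moved servers, confirm the result:
#      gpupdate /force
#      gpresult /r
```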