Home > Active Directory > Different GPO’s for Domain Controllers OU

Different GPO’s for Domain Controllers OU

In this article describe how to create separate GPO for group or a specific domain controllers . For example, some scenario its intended to exclude some policies for specific or group of domain controllers from default domain controller Group policy. To achieve this goal, we could use the built-in “security filter” in GPMC. Please follow the steps below.

Step 1:Open GPMC and create GPO with set the desired policies

Step 2:Link the GPO to OU “Domain Controllers” OU

Step 3:Click the GPO in left pane, edit security filtering in right pane. Remove “Authenticated Users”, click “Add”, type the desired DC name and click “Check Names”, click “OK”.
NOTE: The Authenticated Users group includes both users and computers. So its need to remove it.

GPO

Then set the high priority for this GPO to overwrite the settings coming from the default domain controllers GPO.
Then the new GPO will be applied to the specific DC only.

The following article explain about Security filtering in GPMC

http://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc779291(v=ws.10).aspx

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: