I was just using that as an example - I apologize for having chosen a poor one.
I would never exclude anyone from the "Default Domain Policy" as it applies at the domain level - only our "Domain Controllers" GPO and "Servers" GPO block inheritance of the "Default Domain Policy" GPO - it applies to everything else.
 
We have another GPO using only the inetres.adm template to apply internet explorer settings that also applies to the entire domain.  It is this GPO that the CEO will be excluded from, as he's also the owner of the company, so he gets to choose his own home page settings on IE, while everyone else gets it set to the corporate intranet.  :S
----- Original Message -----
From: joe
Sent: Tuesday, February 08, 2005 10:06 AM
Subject: RE: [ActiveDir] Exclude a specific user (or group) from a GPO (WMI Filter?)

If you have any intention of excluding your CEO or anyone else from any other policies you should probably better scope your GPOs. Don't make the changes in the domain policy, in fact I rarely recommend anyone change things in that policy except for the things that they absolutely have to. Put the policies down on the OU(s) where the users/computers are. Then place the users and computers in the OU specific to the policy they should have.
 
BTW, why shouldn't the CEO have a machine configured like everyone else?
 
  joe


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B
Sent: Tuesday, February 08, 2005 10:52 AM
To: [email protected]
Subject: [ActiveDir] Exclude a specific user (or group) from a GPO (WMI Filter?)

In this example, I want to exclude our CEO from having a forced IE start page through GPO, while the remainder of our domain keeps a forced homepage.  Is the best way to go about this, to write a WMI filter to exclude that specific user, or is there some better way to do it, as we have this set in our Default Domain Policy?
 
If so, can anyone point me to a good tutorial for writing such a WMI script?
 
Thanks.

Reply via email to