Hi Susan,

Not a stupid question. Especially when you are just starting out with Group Policy the filtering can be a bit tricky.

So the default for filtering is Authenticated Users have Read and Apply Group Policy permissions. If you remove Authenticated Users from the list and only add the Group(s) that should receive the settings and exclude the group that should not. That will work. But your note mentions Everyone 'except' so it sounds like you want to leave Authenticated Users as is and simply add the 'filtered out' group to the filter list (you are using GPMC, correct?) and set the permissions for that group to Deny the Apply Group Policy permission. If I am reading your message correctly this should work for you. Too many 'Denies' are usually not recommended.

A few caveats for clarity (apologies if this is already known information). The Group Policy does not apply to the Group. It only applies to Users and Computers. The Group is simply used for filtering and delegation. So the Group Policy Object needs to be linked to containers that contain those users and computers that need to be configured.

Regarding Visio, unless you have more complex needs here it is probably overkill. If you are doing many 'deny' ACEs on your GPOs it is a good idea to have some way to document those permissions so that you have a reference to go back to.

Kevin Sullivan, MVP, MCSE
Director of Product Management
DesktopStandard Corporation
Enterprise Desktop Management

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Wednesday, September 21, 2005 5:58 PM
To: [email protected]
Subject: [ActiveDir] Group policy stupid question

Stupid question that showcases how I don't know enough about GP

Is there a way to do a group policy group so that it's "Everyone" but <-> "this group"

And does Visio work the best for diagramming these structures out?

<SBSlurker>

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
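
Added example, not part of the original thread: one way to produce the reference document the reply recommends, by listing every Deny ACE on the Apply Group Policy right across all GPOs in the domain. It assumes the GroupPolicy and ActiveDirectory PowerShell modules (RSAT) are installed; the CSV file name is a placeholder.

```powershell
# Added example: read-only report of Deny "Apply Group Policy" ACEs on every GPO.
# Assumes the GroupPolicy and ActiveDirectory modules (RSAT) and read access to the domain.
Import-Module GroupPolicy, ActiveDirectory

# GUID of the "Apply Group Policy" extended right (Apply-Group-Policy control access right).
$applyGpo = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$report = foreach ($gpo in Get-GPO -All) {
    # The AD: drive comes from the ActiveDirectory module; $gpo.Path is the GPO's DN.
    $acl = Get-Acl -Path ("AD:\" + $gpo.Path)

    foreach ($ace in $acl.Access) {
        # An extended-right ACE with an empty ObjectType covers all extended rights,
        # so a Deny on it also blocks Apply Group Policy.
        $coversApply = ($ace.ActiveDirectoryRights -band $extended) -and
                       ($ace.ObjectType -eq $applyGpo -or $ace.ObjectType -eq [guid]::Empty)

        if ($ace.AccessControlType -eq 'Deny' -and $coversApply) {
            [pscustomobject]@{
                GPO       = $gpo.DisplayName
                GpoId     = $gpo.Id
                DeniedTo  = $ace.IdentityReference.Value
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Show the result and keep a dated copy to refer back to (placeholder file name).
$report | Sort-Object GPO, DeniedTo | Format-Table -AutoSize
$report | Export-Csv -Path ".\gpo-deny-apply-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Each row names a GPO and the group or account that is filtered out of it, which is the information that is otherwise only visible on each GPO's Delegation tab in GPMC.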
