ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Block GPO Inheritance

    IT Discussion
    7
    21
    1453
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • alex.olynyk
      alex.olynyk last edited by

      Dont know what I am doing wrong Trying to exempt a specific OU from my password policies. I have BLOCKED the OU but It still requires the password policy. What am I missing?

      1 Reply Last reply Reply Quote 0
      • T
        tiagom last edited by

        Sounds like you probably need fine-grained password policies.

        https://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx

        1 Reply Last reply Reply Quote 0
        • DustinB3403
          DustinB3403 last edited by

          Is this GPO pulled from another group policy that the OU is a part of?

          1 Reply Last reply Reply Quote 1
          • Brains
            Brains last edited by

            What method did you use to block the OU?

            alex.olynyk 1 Reply Last reply Reply Quote 0
            • nadnerB
              nadnerB last edited by

              Did you make it a Computer or User policy?
              Even though you have blocked the inheritance on an OU, it might be applied elsewhere and still get through.

              If it's a Computer policy and you are blocking the inheritance on the User OU, you might find that the policy is also applied on the Computer OU and hence why it is still active.

              1 Reply Last reply Reply Quote 1
              • nadnerB
                nadnerB last edited by

                Where have you applied it to? Domain level or lower?

                alex.olynyk 1 Reply Last reply Reply Quote 0
                • alex.olynyk
                  alex.olynyk @Brains last edited by

                  @Brains Open group policy management
                  Right click OU
                  Enable block inheritance

                  1 Reply Last reply Reply Quote 0
                  • alex.olynyk
                    alex.olynyk @nadnerB last edited by

                    @nadnerB applied at the OU

                    1 Reply Last reply Reply Quote 0
                    • alex.olynyk
                      alex.olynyk last edited by

                      is there a way to set password policies in a GPO's user configuration?
                      I only see them in computer configuration

                      Brains 1 Reply Last reply Reply Quote 0
                      • alex.olynyk
                        alex.olynyk last edited by

                        or should I create a GPO for just the password policies?

                        DustinB3403 1 Reply Last reply Reply Quote 0
                        • alex.olynyk
                          alex.olynyk last edited by

                          some background...we have ricoh scanners and these scanners do not accept a special character in the password field. our company policy requires a special character in the password so we need to exclude the accounts used for the ricoh scanners

                          1 Reply Last reply Reply Quote 0
                          • alex.olynyk
                            alex.olynyk last edited by

                            i applied at the domain level now

                            1 Reply Last reply Reply Quote 0
                            • IRJ
                              IRJ last edited by

                              Filter using by OU using WMI. In your case, you would deny the specific WMI filter for that OU.

                              https://social.technet.microsoft.com/Forums/windowsserver/en-US/efa8d1f8-1ef9-47b6-8a1b-ea633a5c213a/seacrhing-computers-ou-or-dn-in-wmi-filter?forum=winserverGP

                              Brains 1 Reply Last reply Reply Quote 1
                              • IRJ
                                IRJ last edited by

                                This might be a little easier....

                                www.grouppolicy.biz/2010/02/how-to-find-and-use-wmi-values-for-group-policy-filtering/

                                Brains 1 Reply Last reply Reply Quote 1
                                • Brains
                                  Brains @IRJ last edited by

                                  @IRJ said in Block GPO Inheritance:

                                  Filter using by OU using WMI. In your case, you would deny the specific WMI filter for that OU.

                                  https://social.technet.microsoft.com/Forums/windowsserver/en-US/efa8d1f8-1ef9-47b6-8a1b-ea633a5c213a/seacrhing-computers-ou-or-dn-in-wmi-filter?forum=winserverGP

                                  This is the way I would do it if there isnt a SG you can filter by

                                  chrisnbrooks 1 Reply Last reply Reply Quote 1
                                  • Brains
                                    Brains @alex.olynyk last edited by

                                    @alex.olynyk said in Block GPO Inheritance:

                                    is there a way to set password policies in a GPO's user configuration?
                                    I only see them in computer configuration

                                    They are located in computer configuration, why do you want to set them as user config?

                                    1 Reply Last reply Reply Quote 0
                                    • DustinB3403
                                      DustinB3403 @alex.olynyk last edited by

                                      @alex.olynyk said in Block GPO Inheritance:

                                      or should I create a GPO for just the password policies?

                                      Discrete policies are best

                                      1 Reply Last reply Reply Quote 1
                                      • Brains
                                        Brains @IRJ last edited by

                                        @IRJ said in Block GPO Inheritance:

                                        This might be a little easier....

                                        www.grouppolicy.biz/2010/02/how-to-find-and-use-wmi-values-for-group-policy-filtering/

                                        great reference site for a whole host of questions!

                                        1 Reply Last reply Reply Quote 2
                                        • chrisnbrooks
                                          chrisnbrooks @Brains last edited by

                                          @Brains Agree. I much rather manage SG memberships for GPO, than OU placement. Less clutter, less margin of error, easier access and oversight. I also understand that people often inherit their AD schema from predecessors and can't afford the time and risk for a complete redesign.

                                          alex.olynyk 1 Reply Last reply Reply Quote 1
                                          • alex.olynyk
                                            alex.olynyk @chrisnbrooks last edited by

                                            @chrisnbrooks What is SG?

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post