Local machine policy and group policy.



I have put a domain-wide group policy in place and it's working just fine.
There are a few machines that I'd like to tighten the security on, and I'd like to
define more security policies/group policy based on machine rather than
domain-wide.

So, can I apply both Group Policy and local machine policies on the machine?

Please advise.


Simon Geary

You can apply local policies and Group Policy on the same PC but I don't
think this is really what you mean. Local machine policies need to be
defined directly on each individual PC and can't be controlled centrally
through a GPO.

What I think you need to do is target a new GPO to only a subset of
computers. If the PCs in question are all in the same OU then it's nice and
easy, just create a new Group Policy and apply it to that OU. If they are
not in the same OU and can't easily be gathered there, you can also use
security filtering to get the same effect. To do this, you create a new
security group in AD and add all your target PCs as members. Then you apply
the policy at the domain level but edit the permissions so only your new
security group has the Read and Apply Group Policy permission.
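
The security-filtering steps described in the reply above, as an added PowerShell example that is not part of the original thread. The group name, GPO name and computer names are constructed placeholders, and the sketch assumes the ActiveDirectory and GroupPolicy (RSAT) modules are available.

```powershell
# Assumed names, constructed for illustration; substitute your own.
$GroupName = 'Hardened-Workstations'
$GpoName   = 'Hardened Workstation Policy'
$Computers = 'PC-FIN-01', 'PC-FIN-02'

Import-Module ActiveDirectory
Import-Module GroupPolicy

$DomainDN = (Get-ADDomain).DistinguishedName

# 1. Create the security group and add the target computer accounts to it.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
            -Path "CN=Users,$DomainDN"
$Members = $Computers | ForEach-Object { Get-ADComputer -Identity $_ }
Add-ADGroupMember -Identity $GroupName -Members $Members

# 2. Create the new GPO and link it at the domain level.
New-GPO -Name $GpoName | New-GPLink -Target $DomainDN -LinkEnabled Yes

# 3. Security filtering: grant Read + Apply Group Policy to the new group,
#    then take Apply away from Authenticated Users. They are downgraded to
#    Read (not removed) so the GPO stays readable but no longer applies to
#    every machine in the domain.
Set-GPPermission -Name $GpoName -TargetName $GroupName `
                 -TargetType Group -PermissionLevel GpoApply
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
                 -TargetType Group -PermissionLevel GpoRead -Replace

# 4. Check the result: only the new group should show GpoApply.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

A target PC picks up its new group membership at its next restart; running `gpresult /r` on it afterwards shows whether the GPO was applied or filtered out.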

