Server Fault Asked by appsecguy on December 30, 2021
I want to enforce local GPO settings on specific servers so that the domain GPO does not overwrite them. These systems were hardened specifically, but due to way too many issues to list, we cannot change the OU they are in, and cannot change the domain GPO at this time.
Is there any way to ensure that the changes made to the local GPO are not overwritten?
Answered by strange walker on December 30, 2021
Yes, you can set the policies in a Domain GPO and make it enforced. Then use GPO masking - add all the servers in question to a group & only allow that group read access to the new GPO.
This assumes they are all Computer settings, if you need User settings to get applied you may want to look at using a loopback.
Answered by TheFiddlerWins on December 30, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP