我们有一个login脚本应用于整个域,用户login时映射驱动器。
对于一个特定的计算机OU,我想阻止应用此GPO。
我认为,使用组策略回送处理可能能够做到这一点,但我不知道如何做到这一点驱动器映射(我的testing“合并”和“replace”环回处理都不成功)。
任何人都可以指向正确的方向吗?
要阻止链接到域的GPO应用到OU,可以通过右键单击OU并select“阻止inheritance”,在该OU上使用“阻止inheritance”。
这也阻止了通常由该OUinheritance的所有其他GPO的inheritance,除非它们被强制执行。 如果您需要避免这种情况,那么我将使用该组策略对象的委派选项卡中的设置,特别是拒绝用户或组读取/应用该GPO的能力。
Use Group Policy Management Console 1. Click Start, point to Administrative Tools, and then click Group Policy Management. 2. In the console tree on the left, expand Forest. 3. Expand Domains. 4. Expand Domain Name. 5. Expand Group Policy Objects. 6. Click the Group Policy object that you do not want to apply to [some group]. 7. In the display pane on the right, click the Delegation tab. 8. Click the Advanced button in the lower-right corner of the display pane. 9. Click Add, and then type the account name that you do not want the Group Policy object to apply to. 10. Click OK. Note Group Policy objects contain settings that apply to computer objects and to user objects. If you want only to restrict user settings from applying, add only the user account that you do not want the policy settings to apply to. If you want only to restrict computer settings from applying, add only the computer account that you do not want the policy settings to apply to. To add computer accounts, you have to click the Object Types button, and then click to select the Computers check box. 11. Make sure that the newly-added account is selected in the Group or user names window. Then, scroll down in the Permissions window, and click to select the Deny check box for the Apply group policy permission. 12.Click OK. 13. Click Yes at the Windows Security prompt. 此方法意味着您为不希望应用该驱动器映射策略的人pipe理单独的安全组。