Group Policy folder & Process exclusions for DC & Clients

LMS 156 Reputation points
2021-03-16T06:46:52.077+00:00

Hi

We are looking for exclusions specific for Windows 2016 DCs, Windows servers and Win 10 Client PCs. With our environment we have Symantec End point protection, Cisco AnyConnect / ISE, DPM etc.

Thanks in advance

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,649 questions
Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
1,884 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Fan Fan 15,061 Reputation points
    2021-03-17T00:05:20.543+00:00

    Hi,
    If you want to exclude some specific PCs or computers , here are some methods for your reference:
    1, The security filter on the GPO.
    Groups need to be created , and put the the 2016DCs and Clients into different groups for different purpose.
    If you don't want them to apply the group policy, just add the groups and deny the "apply group policy "permission as following screenshot showing:
    78484-3171.jpg
    2, To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management
    MMC snap-in to create and assign WMI filters to the GPO.
    To create a WMI filter that queries for a specified version of Windows, you can get more details in the following link:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo
    Best Regards,

    No comments