# Apply group policy to specific computers only



## misteresauce

hi guys, new to this forum, thanks in advance!

here's the deal, i want to apply a gpo (for windows update) to all computers in the domain EXCEPT servers. i want windows to automatically update and restart workstations every night but i DO NOT want the servers restarting (duh). how would you recommend accomplishing this?


----------



## dude04

Create a group called Servers add all the servers to this group and apply the domain level policy to this group (stating that you do not want this perticular policy on it or simply do not apply this policy to this group.)

Remember doman level policies overwrite the local ones.


----------



## misteresauce

okay, how do i create a group of computers though? i only know how to make user groups (ie security groups and distribution groups), is there another way?

thanks!


----------



## Prince_Lucifer

No offense..I may be dumb on this...But y not create a new OU to dump those workstations into it and write a logon script to it...?


----------



## thigley986

I just finished a WSUS implementation for over 500 computers, and here is what I would reccomend based on that experience.

Create an OU for servers and an OU for workstations. Place computers in their respective OU's. Create a GPO for each. You can specify the options for each GPO, allowing the Windows Servers to download, but not automatically install or reset and in the desktop GPO specify an automatic install and restart.

If you need more specific instructions, let me know.


----------



## RHPLMisterE

Hi,

I'm new here so hello and thanks for any information you can provide. I have have a fair amount of 'book smarts' on Active Directory but I'm just now making the leap into a live enviroment at work.

I think I understand that if I wish to apply seperate Group Policies to Computers or Users I need to move them into a seperate container. However, what I am getting confused on is say I make a container finance and move all the users from finance into the container. They disappear from the regular users container  How can I quickly view all my users? Plus is this the only benifit of seperate containers? I can use NTFS and Security Groups for most things I need, and having all the users visible in one spot is nice.

Any information would be greatly appreciated. I hope that I can help someone else out as I get more familar!

Thanks,


----------



## hamcse924

*OU mania*

thigley has the right plan. It's Group Policy 101, create an OU, apply GPOs to target OU, and that policy will only affect the users and/or computers (depending on your GPO settings) in that OU.

As far as quickly viewing all your users...

Within AD Users & Computers, right click on your domain at the top (ie. ABC.com) and choose "Find" on the context menu.

Do a blank search against Users, Groups, and Computers and the results will appear. You "see" all your users in the results. If you only want to see users, do an advanced search.

It would be nice if the results would show which OU the users are in. We are Windows 2000 native, so maybe Windows 2003 can do this?

Good luck


----------

