How to bypass the GPO setting in windows 2003 server

Dear all,

In my office all the Pc's are in domain. for security reasons I enabled the active wall paper setting in the GPO. So now all the users having the same wall paper and Nobody can change it in the local pc's. Now the setting is reflected in the Domain controller also. I want this setting in client PC's only not in the server. So please tell me the instructions to bypass the GPO setting for Domain conroller.

Thanks

Prabhu K

I'm no expert, but the way I would do this is put all the staff computer in their own OU (Organizational Unit). Then you would create the GPO and apply it to the new OU, which should not include the domain controller/server. This way, only the computers/users in the new OU would have the settings apply.

Where did you apply the GPO?

Is this Windows 2000 or 2003 Server?

That would make the most sense Skepticals.

Just curious how setting the active wallpaper helps with security ?

As am I. I know of the active desktop setting in which you can have a web site diplayed as the wallpaper and such. But, I would think you would want to disable that setting - not enable it.

Hi all,

I'm not sure whether that's correct, but isn't it possible to change the ACL settings (security tab) for that GPO. Is it then possible to create a "Deny" read for the computer account of the domain controller? Just an idea. If this works then you don't have to change the existing setup. For user accounts this should work, dunno about computer accounts.

if it works, please tell

regards,
.alx

Yes alx, that should also work however it better to have the OU Structure setup properly so you don't need to mess around with permissions or blocking inheritance of GPO's. It makes troubleshooting them much simpler.