A while back I was asked to create a disclaimer policy which all users would have to accept before being able to lo log into Windows. I did this by enabling the “Interactive Logon” security setting in out default domain GPO. This applied the policy to everything.
This has worked a treat but now I need some help figuring out how I can remove the policy form a few service accounts. The service accounts are set to automatically logon and run certain scripts but they now don’t log on until someone clicks OK to the disclaimer.
Is there any way to block the policy from being applied to certain OU’s when the setting is set at domain level?
I have the “Block Inheritance” setting checked on the OU but its still being applied.
So in summary I need the disclaimer to be applied to all users & computers in the domain except 2 user service accounts which log onto servers 2 specific servers.
Is there an easy way to achieve this without having to apply the disclaimer to each OU?
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.