Group Policy in mixed environments

Ever had a need to push out Group Policy settings to one client platform but not to another? For example, say you have a mixed Windows XP/2000 desktop computer environment and you want your Windows XP machines to receive some policy but not your Windows 2000 machines. How can you do this?

The easiest way is to put different computers in different OUs i.e. Windows XP computer accounts in one OU and Windows 2000 computer accounts in another. Then you can link separate GPOs to each OU and configure policy for them differently.

But what if you can’t do this? What if your computer accounts are mixed together in a single OU and need to stay that way? Well, what you could do is to create two new security groups, one called Windows 2000 Computers and the other called Windows XP Computers. Make all your Windows 2000 computer accounts members of the first group, and all your Windows XP computer accounts members of the second. Then use Group Policy security filtering to ensure that the GPO only applies to members of one group or the other as required. See my tutorial at for more information.


Mitch Tulloch was the lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. For more about Mitch, visit his website

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top