Enabling Disabled Services on Certain Systems

After you've disabled unneeded services on your systems, you might need to reenable select services on specific computers. You can handle this task in one of two ways. The first method is to create an organizational unit (OU) for the computers that need the service, then link that OU to a Group Policy Object (GPO) that sets the necessary service to Automatic startup. Windows 2000 applies OU-linked GPOs after it applies domain-linked GPOs, so the OU-linked GPO will override the Default Domain Policy GPO and thus enable the service. However, this method doesn't work well when you've designed an OU structure around other requirements.

The second method is to create an exception domain-linked GPO and modify that GPO’s ACL to limit the GPO’s application to the systems that need those services. Create a group in Active Directory (AD) and name it appropriately—for example, FrontPageWorkstations. Add the necessary workstations as group members. Then, create a new GPO—for example, FrontPageWorkstationsPolicies—under the domain root and edit the GPO's ACL so that the FrontPageWorkstations group only has the Apply Group Policy permission. You also need to enable the WWW service for the GPO. (For more information about managing Group Policy, see "Controlling Group Policy, Part 1," November 2000, InstantDoc ID 15704, and "Controlling Group Policy, Part 2," Winter 2000, InstantDoc ID 15886.)

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.