JeffN825
asked on
Applying GPOs only to certain users on certain computers
Maybe this is a simple question, maybe not.
How can I go about creating and implementing a GPO such that it employs user policy, but only applies the user policy on certain computers.
i.e.
I have User1 and User2 and Workstation1 and Workstation2. I want to create a GPO that causes My Documents folder redirection (a User configuration for a GPO) for User1 and User2, but I ONLY want this GPO applied to Workstation1. On Workstation2, both users should log in and access the local My Documents folder.
Thanks.
How can I go about creating and implementing a GPO such that it employs user policy, but only applies the user policy on certain computers.
i.e.
I have User1 and User2 and Workstation1 and Workstation2. I want to create a GPO that causes My Documents folder redirection (a User configuration for a GPO) for User1 and User2, but I ONLY want this GPO applied to Workstation1. On Workstation2, both users should log in and access the local My Documents folder.
Thanks.
Hi Jeff,
right i came across this problem a few months back and to be honest i still have not got round to finishing it.
you cant apply GPO to certain users, but you can apply them to security groups, which your users can be members off, or you can apply GPO locally on the computers.
Do you know how to go about setting up GPO?,
if you need help i will post a quick step by step guide...
-
David
right i came across this problem a few months back and to be honest i still have not got round to finishing it.
you cant apply GPO to certain users, but you can apply them to security groups, which your users can be members off, or you can apply GPO locally on the computers.
Do you know how to go about setting up GPO?,
if you need help i will post a quick step by step guide...
-
David
You can create custom OUs, and put computers, workstations, and groups into them. Then you can create GPOs at the OU level and everything within that OU will process the Group Policy by default. You can then make further adjustments by modifying the "Apply Group Policy" premission on the security tab of the GPO.
When implementing Group Policies on the OU level, you must start concerning yourself with inheiretance.
When implementing Group Policies on the OU level, you must start concerning yourself with inheiretance.
ASKER
I understand well the ideas involved in GPO inheritance. I also know perfectly well how to set up GPOs and apply and enforce them.
There is already a fairly sophisticated set of heirarchical OUs and GPOs that I have set up.
My question, however, is how to apply User group policy, but only on a specific workstation. My understanding is that if I set that a specific Group Policy in "Apply Group Policy" should apply only to a certain computer, that will NOT affect whether USER policy in that GPO applies on that computer.
Maybe I am wrong, if so, please let me know.
There is already a fairly sophisticated set of heirarchical OUs and GPOs that I have set up.
My question, however, is how to apply User group policy, but only on a specific workstation. My understanding is that if I set that a specific Group Policy in "Apply Group Policy" should apply only to a certain computer, that will NOT affect whether USER policy in that GPO applies on that computer.
Maybe I am wrong, if so, please let me know.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Deb, sorry, I missed your post up top until just now. You hit the answer right on the head.
No probs! Just glad to help :))
Best wishes,
Deb :))
Best wishes,
Deb :))
You should be able to use loopback poilcy processing to achieve what you want. You'll need to put the Workstation in its own OU, set up the policies on that OU that you require, and enable loopback policy. This should then ensure that the policy is only applied to users of that workstation,
Loopback Processing of Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287
Deb :))