?
Solved

Applying GPOs only to certain users on certain computers

Posted on 2004-10-12
7
Medium Priority
?
539 Views
Last Modified: 2011-09-20
Maybe this is a simple question, maybe not.  

How can I go about creating and implementing a GPO such that it employs user policy, but only applies the user policy on certain computers.

i.e.
I have User1 and User2 and Workstation1 and Workstation2.  I want to create a GPO that causes My Documents folder redirection (a User configuration for a GPO) for User1 and User2, but I ONLY want this GPO applied to Workstation1.  On Workstation2, both users should log in and access the local My Documents folder.

Thanks.
0
Comment
Question by:JeffN825
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12295957
Hi
You should be able to use loopback poilcy processing to achieve what you want. You'll need to put the Workstation in its own OU, set up the policies on that OU that you require, and enable loopback policy. This should then ensure that the policy is only applied to users of that workstation,
Loopback Processing of Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287

Deb :))
0
 
LVL 2

Expert Comment

by:ziwez0
ID: 12297344
Hi Jeff,

right i came across this problem a few months back and to be honest i still have not got round to finishing it.

you cant apply GPO to certain users, but you can apply them to security groups, which your users can be members off, or you can apply GPO locally on the computers.

Do you know how to go about setting up GPO?,
if you need help i will post a quick step by step guide...

-
David

0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12299903
You can create custom OUs, and put computers, workstations, and groups into them.  Then you can create GPOs at the OU level and everything  within that OU will process the Group Policy by default.  You can then make further adjustments by modifying the "Apply Group Policy" premission on the security tab of the GPO.

When implementing Group Policies on the OU level, you must start concerning yourself with inheiretance.
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 
LVL 1

Author Comment

by:JeffN825
ID: 12301371
I understand well the ideas involved in GPO inheritance.  I also know perfectly well how to set up GPOs and apply and enforce them.

There is already a fairly sophisticated set of heirarchical OUs and GPOs that I have set up.

My question, however, is how to apply User group policy, but only on a specific workstation.  My understanding is that if I set that a specific Group Policy in "Apply Group Policy" should apply only to a certain computer, that will NOT affect whether USER policy in that GPO applies on that computer.

Maybe I am wrong, if so, please let me know.
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12301443
That's right - unless you apply loopback policy on that gpo - did you read my link?
Contained in the link:
"""Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. ""

You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to."""
0
 
LVL 1

Author Comment

by:JeffN825
ID: 12301508
Deb, sorry, I missed your post up top until just now.  You hit the answer right on the head.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12301884
No probs! Just glad to help :))

Best wishes,

Deb :))
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question