?
Solved

Apply user policies selectively

Posted on 2007-04-06
5
Medium Priority
?
222 Views
Last Modified: 2010-04-18
We have an Active Directory Domain running at 2003 native mode.  We have a small set of laptops we want to lockdown.  We found that we lock everything we need to using group policies and that works as long as the users are in the OU that we have linked the ou to.  the problem we are running into however is the following. We only want the Group Policy to apply to them if they are logging into these laptops.  If they are logging into their desktops we do not need them to be affected by this policy.  Does anyone have any ideas?  I have heard of Loopback processing of Group Policies but am not sure how to apply this.

Thanks in advance.

Raoul
0
Comment
Question by:amnhtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 18863733
Move the laptops into an OU and apply the policies to the laptops.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1000 total points
ID: 18863769
More specifically, place the laptops in a separate OU and configure a GP with the appropriate lock-down settings. Within that GPO, configure loopback processing in the following node: Computer Settings\Administrative settings\System\Group Policy. Two options are available:

Merge mode   The user's "normal" GPOs are applied, then any overriding settings from the lockdown GPO take effect.

Replace mode   The user's "normal" GPOs are not applied, they only get the lockdown policies when logged into these laptops.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 2

Author Comment

by:amnhtech
ID: 18863783
I guess I should have been more clear.  I have created a special OU for these laptops and linked the policy to this OU.  However since the changes are in the user portion of the OU if the users are not in the OU that the policy is linked to the changes do not get applied.  The ou structure looks like this

Dept - +
           |
           Users
           |
           Computers
           |
           LockedDownLaptops

The Laptops are in the Locked... OU and the Users are in the Users OU

I am aware that we could link the policy to the Dept OU but we do not want all the computers in that OU to be affected by this policy

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18863814
Link the "Lockdown GPO" to the Lockdownlaptops OU, and configure that GPO with the loopback setting I described above.  This will cause the user settings of that OU to get applied when users log onto only the laptops in that OU.
0
 
LVL 2

Author Comment

by:amnhtech
ID: 18863936
Thanks Laura for the answer I figured the answer was in the loopback processing but when I tried it I selected merge rather than replace.  Once I did what you said it worked exactly like I needed it to.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question