I'm trying to create a GPO with loopback processing to run a login script for all users per computer.
I have a GPO attached to a workstation OU and enabled loopback processing in replace mode. Under security filtering I have entered only the affected computers with Read/Apply. GPresult shows me it is attaching the computer security group but under user the policy shows Test_GPO Filtering: Denied (Security). If the user account that is logging in is then added to security filtering it works. Why? Doesn't this defeat the purpose of loopback? How can I attach it per computer?
Our directory is already separated in OUs so creating new containers is not a usable solution.
I have read m$ kb 260370 and method 2 appears to be exactly what i'm trying to do.
"The computer account of the terminal server should be added to the security properties of the GPO being created for the loopback. To do this, follow these steps:
1. Select the GPO that is created for the loopback, and then click Properties.
2. Click the Security tab, and then click Add.
3. In the Select Users, Computers, or Groups box, select the computer account, and then click OK.
4. Click the computer account from the Group or user names box.
5. In the Permissions for computer name box, click to select the Read and Apply Group Policy check boxes in the Allow column.
6. Click OK two times to close and save the policy settings."