How to stop Group Policy applying on a laptop and starting Outlook automatically

Posted on 2012-08-28
Medium Priority
Last Modified: 2012-09-07
We have an environment that uses a combination of fat and thin clients.   All users have a roaming profile that they use to log into our RDS servers.  Some users also have a fat client, also attached to the domain and on that they log in using the same roaming profile as on the RDS servers.

We have a Group Policy set up that starts Outlook when the users log in to the RDS server.  Lately we've found that on new laptops, when we set them up its also starting to apply the same Group Policy to the laptops as well as the RDS server.   I have a new laptop here today.  I added it to the domain and moved it to the Laptops group in AD, gave domain users Local Admin rights and then logged in as the intended end user for that laptop.  And Outlook loaded.  This isn't meant to happen.  Our users don't use Outlook locally, its only from within the RDS server that they use Outlook.

So somehow something has changed in my Group Policy that now makes this object apply to laptops where it never had before.  And it still doesn't on other laptops and with other users.

So our policies on the DC are set out so that they grouped in 'like' groups.  The policy with Outlook in it is called 'xUsers RDS Logon' and the Setting in question is:
User Configuration>Policies>>Administrative Template>System/Logon>Run these programs at user logon>C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe

Scope:  xUsers (AD container that all users are in) Enforced:No Link Enabled:Yes
xTerminalServers (AD container that all RDS Servers are in) Enforced:No Link Enabled:Yes

Security Filtering: xStaff (Security group for all staff)

Laptops are NOT in xTerminalServers, they're in another container called xLaptops.  Its not nested inside xTerminalServers.  Its on the same level.

I have done GP Modelling for many of the fat client users on their laptops and compared to the new ones and they all seem to have the same settings.  In fact they all show that this GPO applies to them.  But for some reason the new laptops it is actually applying the GPO whereas its not on the others.
All fat clients are Win7 Pro.

What I'm looking for is a way to stop Outlook loading on startup when you log into a laptop (that doesn't involve uninstalling it!).  Outlook must still load when they log into the RDS Server.  And ideally I'd like to fix the GPO so that it filters out anything thats NOT a member of the xTerminalServer group.

Question by:bosshognz
  • 4
  • 2
LVL 47

Expert Comment

ID: 38343796
What if you create a New OU for the Laptops does the policy still get applied?

If it does, is it possible the policy is being appleid to the logged on User OU, not the Client OU?
LVL 47

Expert Comment

ID: 38343803
Just another thouhgt here as well

When Office was installed on the PCs, was an Admin Setup or OCT used?

Could be possible in the initial install of Office Outlook Setup/Configuration/Behavior was customized

Author Comment

ID: 38343810
I think it is applied to the user not the client - it is a user configuration setting.  But how do I get it to only apply when logging into the xTerminal Servers?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Expert Comment

ID: 38344303
move RDS user to one OU and the apply policy on that.
instead of applying all user.

Author Comment

ID: 38347608
Hi piyushranusri,  
All users are RDS users.  Some of those users are also fat client users.  We want All users to have Outlook load when they're logging into the RDS server, but we want it NOT to load when those users are logging into a fat client.

Accepted Solution

bosshognz earned 0 total points
ID: 38347884
Would applying the Loopback setting here solve my issue?  I'm reading this item: http://support.microsoft.com/kb/231287 and it seems to suggest this is what I should do, as I am trying to impose User Config based on Computers used.

What effect would it have on the other GPOs I have?  We have a good 20 GPOs - some for users and some for computers for all the different users and and roles who log into our system.  Or would it only affect the one GPO that it is set in?

Author Closing Comment

ID: 38375585
We created a new GPO and applied the Loopback policy to it.  All is good now.

Other suggestions wouldn't have solved my issue and noone answered my last question about Loopbacks being a viable solution.  We went ahead with it and it was.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question