• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 826
  • Last Modified:

Group Policy - Applying User GPO Only When Logging Onto Specific Computers

Good Afternoon All -

I've got a unique situation where I need to apply a user GPO to a few users - but - it only needs to be applied when they are logging into a specific few machines.  I tried loopback processing, but couldn't get it to work.  Below are the details.

Situation
I have 12 training workstations - each with a separate dedicated user.  These new training workstations will basically act as terminal clients as I've been asked to make them boot to Windows, immediatly load VMWare View Client, and not allow users to be able to do anything else locally.

I have gotten it all set up and working, but when I connect to the VMWare Host, (windows), the same user policy is still being applied.  I only want it to apply to the computers acting as clients.

OU Setup
- Training
   - Training Workstations
   - Training Users
   - Training VMs

GPO Setup
- Training User Lock Down (GPO #1) - Applied to "Training Users"
- Training Computer Lock Down (GPO #2) - Applied to "Training Workstations"
- Currently no GPO (inherits what's needed) - Training VMs

Each have desktop and mostly GUI settings enabled.  I tried enabling "User Group Policy loopback processing mode" and setting it to "Replace," but it didn't work.

Any Suggestions?  Thanks!
0
BzowK
Asked:
BzowK
1 Solution
 
BT15Commented:
try applying the Training User lockdown to the Training Workstations OU. This will apply the settings only to users who log into those machines.

If you dont want those policies to apply to every user who logs into the Training Workstations, then you can use Security Filtering on the GPO to limit it to your Training Users (i.e. put them into a Training GPO security group and filter accordingly) or use a WMI filter to do the same.
0
 
Rob StoneCommented:
Loopback processing is the right method, but I can't think what needs setting up without a test lab to run it in.

If you want user settings to be applied, you want to use Merge mode not Replace mode.
0
 
Sarang TinguriaSr EngineerCommented:
How about using group policy security filtering if its a computer policy allow access to only those workstation and remove authenticated users

http://www.windowsnetworking.com/articles-tutorials/windows-2003/Group-Policy-Security-Filtering.html
0
 
LeeTutorretiredCommented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now