Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy - Applying User GPO Only When Logging Onto Specific Computers

Posted on 2013-05-21
5
Medium Priority
?
820 Views
Last Modified: 2013-06-12
Good Afternoon All -

I've got a unique situation where I need to apply a user GPO to a few users - but - it only needs to be applied when they are logging into a specific few machines.  I tried loopback processing, but couldn't get it to work.  Below are the details.

Situation
I have 12 training workstations - each with a separate dedicated user.  These new training workstations will basically act as terminal clients as I've been asked to make them boot to Windows, immediatly load VMWare View Client, and not allow users to be able to do anything else locally.

I have gotten it all set up and working, but when I connect to the VMWare Host, (windows), the same user policy is still being applied.  I only want it to apply to the computers acting as clients.

OU Setup
- Training
   - Training Workstations
   - Training Users
   - Training VMs

GPO Setup
- Training User Lock Down (GPO #1) - Applied to "Training Users"
- Training Computer Lock Down (GPO #2) - Applied to "Training Workstations"
- Currently no GPO (inherits what's needed) - Training VMs

Each have desktop and mostly GUI settings enabled.  I tried enabling "User Group Policy loopback processing mode" and setting it to "Replace," but it didn't work.

Any Suggestions?  Thanks!
0
Comment
Question by:BzowK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Accepted Solution

by:
BT15 earned 2000 total points
ID: 39185788
try applying the Training User lockdown to the Training Workstations OU. This will apply the settings only to users who log into those machines.

If you dont want those policies to apply to every user who logs into the Training Workstations, then you can use Security Filtering on the GPO to limit it to your Training Users (i.e. put them into a Training GPO security group and filter accordingly) or use a WMI filter to do the same.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39185915
Loopback processing is the right method, but I can't think what needs setting up without a test lab to run it in.

If you want user settings to be applied, you want to use Merge mode not Replace mode.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39186251
How about using group policy security filtering if its a computer policy allow access to only those workstation and remove authenticated users

http://www.windowsnetworking.com/articles-tutorials/windows-2003/Group-Policy-Security-Filtering.html
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 39242602
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question