Group Policy - Applying User GPO Only When Logging Onto Specific Computers

Good Afternoon All -

I've got a unique situation where I need to apply a user GPO to a few users - but - it only needs to be applied when they are logging into a specific few machines.  I tried loopback processing, but couldn't get it to work.  Below are the details.

I have 12 training workstations - each with a separate dedicated user.  These new training workstations will basically act as terminal clients as I've been asked to make them boot to Windows, immediatly load VMWare View Client, and not allow users to be able to do anything else locally.

I have gotten it all set up and working, but when I connect to the VMWare Host, (windows), the same user policy is still being applied.  I only want it to apply to the computers acting as clients.

OU Setup
- Training
   - Training Workstations
   - Training Users
   - Training VMs

GPO Setup
- Training User Lock Down (GPO #1) - Applied to "Training Users"
- Training Computer Lock Down (GPO #2) - Applied to "Training Workstations"
- Currently no GPO (inherits what's needed) - Training VMs

Each have desktop and mostly GUI settings enabled.  I tried enabling "User Group Policy loopback processing mode" and setting it to "Replace," but it didn't work.

Any Suggestions?  Thanks!
Who is Participating?
BT15Connect With a Mentor Commented:
try applying the Training User lockdown to the Training Workstations OU. This will apply the settings only to users who log into those machines.

If you dont want those policies to apply to every user who logs into the Training Workstations, then you can use Security Filtering on the GPO to limit it to your Training Users (i.e. put them into a Training GPO security group and filter accordingly) or use a WMI filter to do the same.
Rob StoneCommented:
Loopback processing is the right method, but I can't think what needs setting up without a test lab to run it in.

If you want user settings to be applied, you want to use Merge mode not Replace mode.
Sarang TinguriaSr EngineerCommented:
How about using group policy security filtering if its a computer policy allow access to only those workstation and remove authenticated users
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.