Solved

Group Policy - Applying User GPO Only When Logging Onto Specific Computers

Posted on 2013-05-21
5
806 Views
Last Modified: 2013-06-12
Good Afternoon All -

I've got a unique situation where I need to apply a user GPO to a few users - but - it only needs to be applied when they are logging into a specific few machines.  I tried loopback processing, but couldn't get it to work.  Below are the details.

Situation
I have 12 training workstations - each with a separate dedicated user.  These new training workstations will basically act as terminal clients as I've been asked to make them boot to Windows, immediatly load VMWare View Client, and not allow users to be able to do anything else locally.

I have gotten it all set up and working, but when I connect to the VMWare Host, (windows), the same user policy is still being applied.  I only want it to apply to the computers acting as clients.

OU Setup
- Training
   - Training Workstations
   - Training Users
   - Training VMs

GPO Setup
- Training User Lock Down (GPO #1) - Applied to "Training Users"
- Training Computer Lock Down (GPO #2) - Applied to "Training Workstations"
- Currently no GPO (inherits what's needed) - Training VMs

Each have desktop and mostly GUI settings enabled.  I tried enabling "User Group Policy loopback processing mode" and setting it to "Replace," but it didn't work.

Any Suggestions?  Thanks!
0
Comment
Question by:BzowK
5 Comments
 
LVL 7

Accepted Solution

by:
BT15 earned 500 total points
ID: 39185788
try applying the Training User lockdown to the Training Workstations OU. This will apply the settings only to users who log into those machines.

If you dont want those policies to apply to every user who logs into the Training Workstations, then you can use Security Filtering on the GPO to limit it to your Training Users (i.e. put them into a Training GPO security group and filter accordingly) or use a WMI filter to do the same.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39185915
Loopback processing is the right method, but I can't think what needs setting up without a test lab to run it in.

If you want user settings to be applied, you want to use Merge mode not Replace mode.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39186251
How about using group policy security filtering if its a computer policy allow access to only those workstation and remove authenticated users

http://www.windowsnetworking.com/articles-tutorials/windows-2003/Group-Policy-Security-Filtering.html
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 39242602
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question