Solved

Group Policy - Applying User GPO Only When Logging Onto Specific Computers

Posted on 2013-05-21
5
801 Views
Last Modified: 2013-06-12
Good Afternoon All -

I've got a unique situation where I need to apply a user GPO to a few users - but - it only needs to be applied when they are logging into a specific few machines.  I tried loopback processing, but couldn't get it to work.  Below are the details.

Situation
I have 12 training workstations - each with a separate dedicated user.  These new training workstations will basically act as terminal clients as I've been asked to make them boot to Windows, immediatly load VMWare View Client, and not allow users to be able to do anything else locally.

I have gotten it all set up and working, but when I connect to the VMWare Host, (windows), the same user policy is still being applied.  I only want it to apply to the computers acting as clients.

OU Setup
- Training
   - Training Workstations
   - Training Users
   - Training VMs

GPO Setup
- Training User Lock Down (GPO #1) - Applied to "Training Users"
- Training Computer Lock Down (GPO #2) - Applied to "Training Workstations"
- Currently no GPO (inherits what's needed) - Training VMs

Each have desktop and mostly GUI settings enabled.  I tried enabling "User Group Policy loopback processing mode" and setting it to "Replace," but it didn't work.

Any Suggestions?  Thanks!
0
Comment
Question by:BzowK
5 Comments
 
LVL 7

Accepted Solution

by:
BT15 earned 500 total points
Comment Utility
try applying the Training User lockdown to the Training Workstations OU. This will apply the settings only to users who log into those machines.

If you dont want those policies to apply to every user who logs into the Training Workstations, then you can use Security Filtering on the GPO to limit it to your Training Users (i.e. put them into a Training GPO security group and filter accordingly) or use a WMI filter to do the same.
0
 
LVL 15

Expert Comment

by:Rob Stone
Comment Utility
Loopback processing is the right method, but I can't think what needs setting up without a test lab to run it in.

If you want user settings to be applied, you want to use Merge mode not Replace mode.
0
 
LVL 18

Expert Comment

by:sarang_tinguria
Comment Utility
How about using group policy security filtering if its a computer policy allow access to only those workstation and remove authenticated users

http://www.windowsnetworking.com/articles-tutorials/windows-2003/Group-Policy-Security-Filtering.html
0
 
LVL 59

Expert Comment

by:LeeTutor
Comment Utility
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now