Solved

Apply GPO to certain users only when logging into certain computer

Posted on 2014-04-22
3
1,645 Views
Last Modified: 2014-04-22
We have computer objects in one OU and user objects in another OU. We need users to get certain User Configuration settings when they log into certain computers. So we have a security group for that set of users and a security group for that set of computers. But the users are in an OU with other users the policy shouldn't apply to and the computers are in an OU with other computer objects that should not have this policy apply to. Moving the users or computers into new OUs is not an option for us unfortunately.

If I create a user configuration GPO and link it to the computer objects OU with a scope containing the group of computers to apply to plus a group with the users to apply to will it only apply to those users when they log into those computers?
0
Comment
Question by:DITGUY
  • 2
3 Comments
 
LVL 30

Expert Comment

by:Gareth Gudger
ID: 40015143
Apply the policy to the computers OU. Then configuring the GPO to Merge or Replace. This will give you what you are looking for.

You can go into the Advanced section and apply permissions, so only the User Security Group and Computer Security Group have Read and Apply GPO permissions.

Make sure you remove the other security groups such as Everyone or Authenticated Users. Or, set those groups to Deny Read / Apply GPO.
0
 

Author Comment

by:DITGUY
ID: 40015153
I saw this article. I assume it's what you're referring to. http://technet.microsoft.com/en-us/library/cc782810%28v=ws.10%29.aspx

If I configure LBP with merge will it apply all the GPOs from the user's OU plus the ones in the computer OU that are user configuration settings and let those be the final result for any conflicts?

I don't fully understand replace vs merge.
0
 
LVL 30

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40015171
Yes.

If you set Merge on the GPO that is assigned to the Computers OU, it will try and merge all user configurations of all GPOs that user has. However, the computer GPO will take precedence. So if two policies have the same setting on one item, the Merge Policy should overwrite that one setting. All other settings from every GPO will be applied, if there is no conflict.

If you use Replace the entire policy on the Computer OU is used. It completely overrides the policy on the user OU, regardless of any conflicts or not.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now