Exclude user based Group Policy to a Machine

Is it possible to exclude a group policy from running on a machine even though the policy is user based? What I am hoping to accomplish is this:

User A has a desktop PC and a laptop.

There are some policies enabled for Mapped drives and folder redirection for the entire office.

I want to prevent the laptop(s) from receiving these policies since I will be using WebDav to mount drive letters when the user is roaming.

I have tried to add the user's laptop in the delegation tab and set a deny permission but that does not seem to work.
2014-08-19-07-25-15.png
finkeltronAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Liam SomervilleSenior Security ConsultantCommented:
If you're looking to apply different user policies based on the computer a user is logging on to, you're going to be working with loopback processing.

If you're new to this, it might twist your brain a little. You apply a GPO to the machine that enabled loopback processing. This will cause the machine to apply any user GPOs that are linked to its OU during a user's logon.

Here's what you need to do:

1. Apply and link Loopback Processing GPO to laptop OU

2. Link a user policy disabling mapped drives/folder redirection to the laptop OU


That's it! The trick is to make sure you're applying the user policy to the laptop's OU, but other than that everything is just Group Policy 101.
0
finkeltronAuthor Commented:
I don't see Loopback processing in GPedit. The instructions you sent apply to Windows 2000 to 2003. I'm running 2012R2
2014-08-19-09-37-43.png
0
Liam SomervilleSenior Security ConsultantCommented:
Should be in the same place as previous versions of Windows. I don't have a 2012 DC available at the moment but can spin one up if need be. Can you check this location first?

Computer Configuration\Policies\Administrative Templates\System\Group Policy
Setting\User Group Policy loopback processing mode
0
Liam SomervilleSenior Security ConsultantCommented:
Here's a pretty good article on the topic — Server 2012-specific — looks like they changed the setting name slightly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.