Exclude user based Group Policy to a Machine

Posted on 2014-08-19
Last Modified: 2014-10-24
Is it possible to exclude a group policy from running on a machine even though the policy is user based? What I am hoping to accomplish is this:

User A has a desktop PC and a laptop.

There are some policies enabled for Mapped drives and folder redirection for the entire office.

I want to prevent the laptop(s) from receiving these policies since I will be using WebDav to mount drive letters when the user is roaming.

I have tried to add the user's laptop in the delegation tab and set a deny permission but that does not seem to work.
Question by:finkeltron
    LVL 3

    Expert Comment

    by:Liam Somerville
    If you're looking to apply different user policies based on the computer a user is logging on to, you're going to be working with loopback processing.

    If you're new to this, it might twist your brain a little. You apply a GPO to the machine that enabled loopback processing. This will cause the machine to apply any user GPOs that are linked to its OU during a user's logon.

    Here's what you need to do:

    1. Apply and link Loopback Processing GPO to laptop OU

    2. Link a user policy disabling mapped drives/folder redirection to the laptop OU

    That's it! The trick is to make sure you're applying the user policy to the laptop's OU, but other than that everything is just Group Policy 101.

    Author Comment

    I don't see Loopback processing in GPedit. The instructions you sent apply to Windows 2000 to 2003. I'm running 2012R2
    LVL 3

    Expert Comment

    by:Liam Somerville
    Should be in the same place as previous versions of Windows. I don't have a 2012 DC available at the moment but can spin one up if need be. Can you check this location first?

    Computer Configuration\Policies\Administrative Templates\System\Group Policy
    Setting\User Group Policy loopback processing mode
    LVL 3

    Accepted Solution

    Here's a pretty good article on the topic — Server 2012-specific — looks like they changed the setting name slightly.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    In my previous Experts Exchange Articles (, most have featured Basic and Intermediate VMware Topics.  As a Virtualisation Consultant, we implement many different virtual…
    The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
    In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now