asked on

Exclude user based Group Policy to a Machine

Is it possible to exclude a group policy from running on a machine even though the policy is user based? What I am hoping to accomplish is this:

User A has a desktop PC and a laptop.

There are some policies enabled for Mapped drives and folder redirection for the entire office.

I want to prevent the laptop(s) from receiving these policies since I will be using WebDav to mount drive letters when the user is roaming.

I have tried to add the user's laptop in the delegation tab and set a deny permission but that does not seem to work.
2014-08-19-07-25-15.png

Liam Somerville

If you're looking to apply different user policies based on the computer a user is logging on to, you're going to be working with loopback processing.

If you're new to this, it might twist your brain a little. You apply a GPO to the machine that enabled loopback processing. This will cause the machine to apply any user GPOs that are linked to its OU during a user's logon.

Here's what you need to do:

1. Apply and link Loopback Processing GPO to laptop OU

2. Link a user policy disabling mapped drives/folder redirection to the laptop OU

That's it! The trick is to make sure you're applying the user policy to the laptop's OU, but other than that everything is just Group Policy 101.

finkeltron

ASKER

I don't see Loopback processing in GPedit. The instructions you sent apply to Windows 2000 to 2003. I'm running 2012R2
2014-08-19-09-37-43.png

Liam Somerville

Should be in the same place as previous versions of Windows. I don't have a 2012 DC available at the moment but can spin one up if need be. Can you check this location first?

Computer Configuration\Policies\Administrative Templates\System\Group Policy
Setting\User Group Policy loopback processing mode

ASKER CERTIFIED SOLUTION

Liam Somerville

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial