finkeltron
asked on
Exclude user based Group Policy to a Machine
Is it possible to exclude a group policy from running on a machine even though the policy is user based? What I am hoping to accomplish is this:
User A has a desktop PC and a laptop.
There are some policies enabled for Mapped drives and folder redirection for the entire office.
I want to prevent the laptop(s) from receiving these policies since I will be using WebDav to mount drive letters when the user is roaming.
I have tried to add the user's laptop in the delegation tab and set a deny permission but that does not seem to work.
2014-08-19-07-25-15.png
User A has a desktop PC and a laptop.
There are some policies enabled for Mapped drives and folder redirection for the entire office.
I want to prevent the laptop(s) from receiving these policies since I will be using WebDav to mount drive letters when the user is roaming.
I have tried to add the user's laptop in the delegation tab and set a deny permission but that does not seem to work.
2014-08-19-07-25-15.png
ASKER
I don't see Loopback processing in GPedit. The instructions you sent apply to Windows 2000 to 2003. I'm running 2012R2
2014-08-19-09-37-43.png
2014-08-19-09-37-43.png
Should be in the same place as previous versions of Windows. I don't have a 2012 DC available at the moment but can spin one up if need be. Can you check this location first?
Computer Configuration\Policies\Adm inistrativ e Templates\System\Group Policy
Setting\User Group Policy loopback processing mode
Computer Configuration\Policies\Adm
Setting\User Group Policy loopback processing mode
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you're new to this, it might twist your brain a little. You apply a GPO to the machine that enabled loopback processing. This will cause the machine to apply any user GPOs that are linked to its OU during a user's logon.
Here's what you need to do:
1. Apply and link Loopback Processing GPO to laptop OU
2. Link a user policy disabling mapped drives/folder redirection to the laptop OU
That's it! The trick is to make sure you're applying the user policy to the laptop's OU, but other than that everything is just Group Policy 101.