I have a very convoluted issue that I can't seem to solve.
We are upgrading our environment to IE 11 from IE 8. In the past we have used IEAK distribution files to apply two different sets of configurations. The main difference between them is the proxy settings. Users at our main location have this blank and at our remote locations have the settings for our proxy server.
We are trying to move to a GPO solution for this. So, I have set up two GPOs; one for local and one for remote. The only difference between them is the proxy settings. All of our computers are in one OU and all our users are in another OU. To resolve this issue I have set up a loopback policy in the computer config section of each GPO and set the IE changes in the user section as that's the only place I can set them (Who thought of that stupidity?). Then I have filtered each GPO by a security group that has the pertinent PCs in them. So all the ones at our main location are in a local SG and the remote ones in a remote SG. We have a utility that can determine location based on IP and create the security groups appropriately. I then apply both GPO's to the OU containing the machines. I found that this doesn't work. Even though I have the loopback set, basically the GPO doesn't change the IE settings. If I add in the Domain Users group as a filter then all the local ones are OK, but the remote ones are getting the GPO for the local settings.