JSI Tip 2582. Apply Group Policy based upon which computer the user logs on to.

Normally, Group Policy is applied to a user or computer based on where in the Active Directory the objects are located (OU).

If you have some special use computers and required the application based soley upon the location of the computer object, use the Group Policy loopback feature:

1. Press Computer Configuration in the MMC.

2. Select Administrative Templates / System / Group Policy and enable the Loopback Policy option.

This causes the GPOs for the compter to apply to any user that logs on. It only works in a pure Windows 2000 domain and the client computer must be Windows 2000.

With loopback, you can specify how the list of GPOs is retrieved if a user logs onto a computer in a specific OU:

Merge Mode - When the user logs on, the user's list of GPOs is gathered normally. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs.

Replace Mode - The user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish