How can I force a user to use a machine-specific Group Policy rather than a user-specific Group Policy?

A. Typically, the settings that the OS applies when a user logs on are based on the user's account container (e.g., a domain, a site, an organizational unit--OU), regardless of which container the user's machine belongs to. In some instances, you might want to forgo using this default behavior and instead associate a user's settings with the location of the user's computer within Active Directory (AD). For example, you might want to set a strict, defined set of policies for a publicly accessible computer, regardless of who logs on to that computer.

To establish machine-specific settings, use Group Policy to set the computer's container to "loopback" mode--so that the computer's client settings take precedence--by performing the following steps:

  1. Start Group Policy Editor (GPE) and load the policy that affects the computer whose behavior you want to modify (alternatively, you can start the Microsoft Management Console--MMC--Active Directory Users and Computers snap-in, right-click the container, select Properties, then select the Group Policy tab).
  2. Expand the Computer Configuration, Administrative Templates, System, Group Policy branches.
  3. Double-click the "Loopback Policy" option (or "User Group Policy loopback processing mode" in Windows .NET Server--Win.NET Server).
  4. Select the Enabled option, then select the Mode:
    • Merge Mode--loads a user's normal settings first, then loads any settings based on the computer's location, thus overwriting any conflicting user settings
    • Replace Mode--loads only settings based on the computer's location
  5. Click OK.
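
To confirm that the setting reached a computer after the steps above, the following added example (not part of the original article) reads the registry value behind the loopback policy and compares it with the mode you intended. It assumes the policy is stored as the DWORD UserPolicyMode under HKLM\SOFTWARE\Policies\Microsoft\Windows\System (1 = Merge, 2 = Replace); the function name Test-LoopbackMode is hypothetical.

```powershell
# Added example: verify which loopback mode a computer has received.
# Assumption: the policy is stored as DWORD UserPolicyMode (1 = Merge, 2 = Replace).
function Test-LoopbackMode {
    [CmdletBinding()]
    param(
        [ValidateSet('Merge', 'Replace')]
        [string]$Expected = 'Replace',
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    )

    # The key or the value is absent when the policy is not configured.
    $raw  = $null
    $item = Get-ItemProperty -Path $KeyPath -Name 'UserPolicyMode' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $raw = $item.UserPolicyMode }

    if     ($null -eq $raw) { $mode = 'NotConfigured' }
    elseif ($raw -eq 1)     { $mode = 'Merge' }
    elseif ($raw -eq 2)     { $mode = 'Replace' }
    else                    { $mode = "Unrecognized ($raw)" }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Mode      = $mode
        Expected  = $Expected
        Compliant = ($mode -eq $Expected)
    }
}

# A publicly accessible computer that should ignore user-based settings
# is expected to report Replace.
$result = Test-LoopbackMode -Expected 'Replace'
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "Loopback mode is '$($result.Mode)', expected '$($result.Expected)'."
}
```

Run it on the target computer after the policy has refreshed; a result of NotConfigured means the policy you edited is not being applied to that computer's container.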