
Targeting User Group Policy Settings to a Specific Machine

Have you ever tried to set User Group Policies that you only want to apply on a single machine or a set of machines? If you apply the Group Policy to a specific OU/group of computers, the User policies don’t get applied unless the user accounts are in the same OU.

What you need is loopback processing (see http://support.microsoft.com/kb/231287 for more details). Loopback processing is most often needed for kiosk-type machines or common-use computer lab scenarios.

Open up the Group Policy Object and navigate to “Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy”.

Open the “User Group Policy loopback processing mode” policy and set it to “Enabled”.

The next option is the “Mode” to use. Set the mode to “Replace” if you want no other User Policies to be in effect on the particular machines you are targeting, or “Merge” if you want all other User Policy settings to apply as well as the settings specified in the loopback policy.
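
The same steps can be scripted with the GroupPolicy PowerShell module. This is an added example, not part of the original post; the GPO name and OU path are hypothetical placeholders, and it assumes a domain-joined management host with RSAT and rights to edit and link GPOs.

```powershell
# Added example: GPO name and OU path below are hypothetical placeholders.
Import-Module GroupPolicy

$GpoName  = 'Kiosk User Lockdown'            # hypothetical GPO holding the User settings
$TargetOu = 'OU=Kiosks,DC=example,DC=com'    # hypothetical OU containing the COMPUTER accounts
$Mode     = 'Replace'                        # 'Replace' or 'Merge', as in the policy dialog

# The loopback mode is stored as a DWORD policy value: 1 = Merge, 2 = Replace.
$ModeValue = @{ Merge = 1; Replace = 2 }[$Mode]
if (-not $ModeValue) { throw "Mode must be 'Merge' or 'Replace', got '$Mode'" }

$PolicyKey = 'HKLM\Software\Policies\Microsoft\Windows\System'

# Reuse the GPO if it already exists, otherwise create it.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName }

# Write the registry policy value behind
# "User Group Policy loopback processing mode" (Computer Configuration side).
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value $ModeValue | Out-Null

# Link the GPO to the OU that holds the computers, not the users.
# Skip the link if it is already present so the script can be re-run safely.
$existing = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Read the setting back from the GPO and fail loudly on a mismatch.
$check = Get-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName 'UserPolicyMode'
if ($check.Value -ne $ModeValue) {
    throw "Loopback mode not set as expected on '$GpoName' (found $($check.Value))"
}
'{0}: loopback enabled, mode {1} (UserPolicyMode = {2}), linked to {3}' -f `
    $GpoName, $Mode, $check.Value, $TargetOu
```

After `gpupdate /force` and a fresh logon on one of the target machines, `gpresult /r` should list this GPO under the user's applied Group Policy Objects even though the user account sits in a different OU.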

I have been around Group Policy for a while and have never needed this setting before (the need for user-targeted policies to a set of machines has never come up), so going through all the motions of setting policy security restrictions and changing the OU location of the policy, the machines and the users in testing chewed up well over an hour of fiddling time. Setting a policy for loopback processing is easy; the hard part is realising that loopback processing is what you need to do in the first place.