Apply group policies per machine
Yesterday, in a Windows network and resource planning session, I realized that my company needs to segment computer and LAN usage according to the department each user belongs to.
In our case the policy must be applied per machine instead of the usual per-user policy.
At first we ran into trouble. In fact, the group policies we had always applied were per-user (which is simple with the Windows Server MMC snap-in).
I found some very useful links:
http://www.petri.co.il/forums/showthread.php?t=39069
The trick lies in one particular Group Policy option: Group Policy loopback processing.
Link from Microsoft: http://support.microsoft.com/kb/231287
With this option, policy processing gives a very useful result: the user policies are applied to a user according to a particular location (the computer). In this case the GPO must be linked on the computer side of the domain tree, that is, to the organizational unit that encloses the computer object, where there is one.
N.B. After linking a GPO to an OU, it is best to run gpupdate /force on the physical machine so that the changes are applied quickly. Another command-line tool for verifying the results is “gpresult”.
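
The same procedure scripted with the GroupPolicy PowerShell module, as an added example that is not from the original post. The GPO name and OU distinguished name are hypothetical placeholders, and the choice of Replace mode is an assumption to adjust for your environment.

```powershell
# Added example: run on a machine with RSAT / the GroupPolicy module installed.
Import-Module GroupPolicy

$GpoName  = 'Dept-Machine-Loopback'                   # hypothetical GPO name
$TargetOU = 'OU=Dept-Workstations,DC=example,DC=com'  # hypothetical OU that holds the computer objects

# Loopback processing is stored as the DWORD UserPolicyMode under this policy key:
#   1 = Merge   (the user's own GPOs apply first, then the user settings of the
#                computer's GPOs, which win on conflict)
#   2 = Replace (only user settings from GPOs that apply to the computer are used)
$Key  = 'HKLM\Software\Policies\Microsoft\Windows\System'
$Mode = 2

# Create the GPO only if it does not exist yet, so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Per-machine user policy via loopback processing'
}

# Enable loopback processing in the computer half of the GPO.
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'UserPolicyMode' `
    -Type DWord -Value $Mode | Out-Null

# Link the GPO to the OU containing the computers, unless it is already linked there.
$links = (Get-GPInheritance -Target $TargetOU).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# Confirm what is stored in the GPO before touching any client.
$stored = Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'UserPolicyMode'
"GPO '$GpoName' UserPolicyMode = $($stored.Value) (1 = Merge, 2 = Replace)"

# Then, on a workstation inside that OU:
#   gpupdate /force
#   gpresult /r /scope:computer     # the GPO should be listed under applied GPOs
#   Get-ItemProperty 'HKLM:\Software\Policies\Microsoft\Windows\System' -Name UserPolicyMode
```

The user-side settings that should follow the machine go in the User Configuration half of this same GPO, or of any other GPO linked to that OU.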