Deny Group Policy based on Computers


Eric Romero


We have a group of pc's that I need to lockdown(hide icons, restrict access
to drives etc). All users log in as the same username. I set up the group
policy on the OU that the username resides. The group policy only uses the
User Configuration settings, so I checked off to disable the Computer
Config. All seemed to work as expected. Until i was told there are a few
machines that should not be locked down. I created a secruity group
including those machines and selected deny to apply group policy security
setting. However this does not seem to work as the policy is still getting

Is there a way to prevent the group policy from being applied to certain

Steven Umbach

Hi Eric. You might try to implement Group Policy loopback processing on those
machines. You will probably want to create an OU for those machines. Loopback
processing applies user configuration from the OU that the computer is in to any
user that logs onto that computer with either a merge or replace mode. See link
to KB article. --- Steve;en-us;231287

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question