1

I made two Organizational Unit in my domain

  • Thin Clients (there are the physical computer objects)

  • Virtual Clients (there are the virtual computer objects)

And I have the default

  • Users (there are the user and group accounts, etc.)

I want to apply different "User Configuration" GPOs on the two OU-s based on where the user is logged in. (In a lucky situation the user is logged in both of the computers, the physical and the virtual one too.)

So I want to hide all programs, restrict as many resources that I can on the physical computer and I want to apply some other GPO "User Configuration" GPOs on the virtual computer. (I do not want to apply the restrictions on the virtual computer which are applied to the physical one.)

What is the best way to achieve this?? Thanks!

gazsiazasz
  • 133
  • 1
  • 5

1 Answers1

2

You're looking for Loopback Group Policy Processing. (That article mentions Windows Server 2003, but it still applies to current versions of Windows Server and client operating systems.)

Loopback Group Policy processing allows you to augment (in "Merge" mode) or replace (in-- ahem-- "Replace" mode) the settings that a user would normally receive based on the locatin of the computer object that represents the computer they're using to logon.

I wrote about a similar need in another answer and, though the question doesn't look the same as yours the functional need is actually very similar.

Community
  • 1
Evan Anderson
  • 141,881
  • 20
  • 196
  • 331