Score:1

Can you apply user group policy to be valid only on a server but not workstations?

jp flag

I've applied user policy to remove ctrl+alt+del on a Citrix server but the user doesn't have it on their laptop either.

Is there a way to apply user group policy selectively, based on a device?

Note: applying the policy to the computer object doesn't work since it's a user policy

joeqwerty avatar
cv flag
**Is there a way to apply user group policy selectively, based on a device?** - Yes, using loopback policy processing.
Pimp Juice IT avatar
ch flag
You should also be able to create a group in AD named "Servers xyz" or something to that affect, then add the computer AD object to the group. Use the GPO advanced security, remove 'authenticated users' and replace it with 'domain users' since the computer object (e.g. `SERVER01$` ) is a member of 'Authenticated Users' but not 'Domain Users' but your AD user accounts are a member of 'Domain Users'. Then you use the GPO advanced security 'Delegation' and grant DENY to all for the new AD group containing servers you created (e.g. `Servers xyz`).
Pimp Juice IT avatar
ch flag
Once you set those things up, be sure to run `repadmin syncall /AdeP` from one of your domain controllers, then run `gpupdate /force` on the server, and then reboot the server. Now log into the server and confirm it does not apply to the servers. Or if I said that all backward, set up AD group for `Computers xyz` and add them to the group, and do all those things I mentioned for that group to the correlated GPO. Should work just fine, I've done similar things in the past using security filtering with explicit DENY so it cannot apply GPO since both computer and user needs access for user policy
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.