GPO to workstations only
I have a student and staff GPO setup, and they work well. Controlling desktops, start menus, security etc. They are currently applied to OU's containing staff and students.
What I want is for the GPO to only apply if a users logs-on to a certain workstation - i.e. in the suite or onto a netbook. This is mostly for the staff who I want to allow control of their own laptop, but are then under control of a GPO when they log onto a computer in the suite or Netbook
Most of the restrictions in the GPO are under USER so wont apply to a workstation only. But I do I set-up a policy that allows a teacher total control of their own laptop but enforces restrictions if they log onto a suite computer.
I think you need to setup a gpo with users settings on the PC OU and enable User Group Policy LoopBack processing mode under computer config/admin templates/system/group policy.
That should do it (i think!)
You're right - I couldn't find it for Server 2008 but apparently that's because it's a bit of a hidden feature left over from W2000 Terminal Services. Works though. See here for more info.
Originally Posted by glennda
Many thanks glennda / timzim, that appears to have done the trick - just need to test it on a number of PC's including Win7 and then on a teachers laptop that not in the suite OU. Again many thanks.
No Problem - Its how we are going to deploy printers per ou (hopefully!)