Applying User Group Policy Restrictions to Particular PCs

In the example below I am applying user-level group policy restrictions to particular PCs only, which is known as loopback mode. For example, you may want to set up a PC used just for internet access. When users log onto this PC they only have access to the internet, whereas when they log onto their office PC they have full access to the machine.

In the example below I am setting up a number of branch office PCs which will only be used as Terminal Server clients.

1. Create a GPO and set permissions

  • Create a GPO and apply it to the OU containing the computer accounts. In my example I have called it “GPO Remote PC Lockdown”.
  • Select the GPO and click on the advanced button to show the permissions.
  • Make sure “read” and “apply” permissions are assigned to both the group of users who will be using this PC (“Citrix Users” in my example) and the computer account itself (“PC2175” in my example).
  • Note – I usually create a “deny” permission for the domain admins group to ensure this group policy isn’t applied when administrators log onto this PC.

2. Edit GPO

  • To make this work you must enable “loopback” mode in the GPO you have just created. Right click the GPO and select edit.
  • Navigate to the below option and make sure it is enabled.

3. Apply Restrictions.

You will now probably want to apply the “lockdown” restrictions. Please see my other article on options for this.
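
Steps 1 and 2 scripted with the GroupPolicy PowerShell module, as an added example that is not part of the original article. The OU path is a placeholder, Replace mode is an assumption (the article does not say which loopback mode it uses), and the loopback option is written through its registry-backed policy value, UserPolicyMode.

```powershell
# Added example, not the article's own code. Run from a machine with the
# Group Policy management tools installed, as an account allowed to create GPOs.
Import-Module GroupPolicy

$GpoName      = 'GPO Remote PC Lockdown'            # GPO name from the article
$TargetOu     = 'OU=Branch PCs,DC=example,DC=com'   # placeholder: OU holding the computer accounts
$UserGroup    = 'Citrix Users'                      # user group from the article
$Computer     = 'PC2175'                            # computer account from the article
$LoopbackMode = 2                                   # assumption: 2 = Replace, 1 = Merge
$PolicyKey    = 'HKLM\Software\Policies\Microsoft\Windows\System'

# Step 1: create the GPO if it does not exist yet, then link it to the OU.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Loopback lockdown for branch office PCs'
}
$linked = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Step 1, permissions: GpoApply grants both "read" and "apply" to the trustee.
Set-GPPermission -Name $GpoName -TargetName $UserGroup -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName $Computer -TargetType Computer `
    -PermissionLevel GpoApply | Out-Null
# The "deny" entry for domain admins from the note in step 1 is not scripted here;
# it is set in the advanced permissions dialog as described above.

# Step 2: enable loopback processing in the computer half of the GPO.
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName 'UserPolicyMode' `
    -Type DWord -Value $LoopbackMode | Out-Null

# Check the result: the loopback value must be present, and the permission list
# should show the user group, the computer account and any deny entries.
$setting = Get-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName 'UserPolicyMode'
if ($setting.Value -ne $LoopbackMode) {
    throw "Loopback mode not set on '$GpoName' (found '$($setting.Value)')."
}
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Denied |
    Format-Table -AutoSize
```

After the next policy refresh on the target PC, `gpresult /r` run as one of the affected users shows whether the GPO was applied.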
