Today, I wanted to apply some Group Policy settings to users who login to certain computers in an OU. More specifically, I wanted to create a Scheduled Task for users who log into servers. I have found in my research that this is technically called Loopback Processing of Group Policy. Using this feature of Group Policies, you can apply a User based GPO to users who log into applied computers.
The first thing I did was build out my Group Policy like I wanted, just like a normal GPO. I created some Scheduled Tasks that would run as the user and would be created when they login.
Next, I turned on the setting that applied the GPO to Users as well. Navigate to Computer Configuration – Policies – Administrative Templates – System – Group Policy.
From within there, you will find the policy labeled: Configure user Group Policy loopback processing mode. Set that setting to enabled. Below is the Help Section of the group policy setting. Here is a link to the related Microsoft article. You may want to do more research before you turn this setting on, as I only tested it in my Home Lab. It could have more far-reaching changes that I am unaware of.
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
By default, the user’s Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer’s Group Policy Objects determine which set of Group Policy Objects applies.
If you enable this setting, you can select one of the following modes from the Mode box:
“Replace” indicates that the user settings defined in the computer’s Group Policy Objects replace the user settings normally applied to the user.
“Merge” indicates that the user settings defined in the computer’s Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer’s Group Policy Objects take precedence over the user’s normal settings.
If you disable this setting or do not configure it, the user’s Group Policy Objects determines which user settings apply.
Note: This setting is effective only when both the computer account and the user account are in at least Windows 2000 domains.