Applying different GP objects based on computer name


  • Hello everyone

    I have a question regarding GPO

    We have huge environment, with about 3500 users. Some of users works on thin clients some of them on workstation with Windows 7 Pro installed. But some of them (about 100 users) which use both Thin Clients and Workstation.

    We have many Group Policies, different for Thin Clients and Workstation users. For example we have Folder Redirection policy for thin clients folders which redirects Desktop and Documents folder to local File Server. Alo we deploy Profile path (we use Roaming user profiles)  In common, we have 21 sites. In each site we have local DC, local file server and local terminal Servers

    Each site has it own branch offices. The problem is here. The users of these branch offices, has no local DC and local FS, and moreover, the working on Workstation (domain joined computers) and at the evening everyone  who worked on domain joined computers now want to work on thin clients. In the morning the work again on Workstation but, to let them work on workstation, we do next

    • we move user to appropriate Security Group / Allow Log On Locally to policy enabled on domain Joined computers
    • we remove profile path

    to let them work on thin client we do next

    • we move user to appropriate OU, make hime member of required Security Group to allow him to logon on remotely on terminal Server, 
    • we enable profile path

    The problem is that when we move the user around Security Groups or OUs, or when when we remove or writhe back Profile Path, the settings for branch offices applies too late, because there no local DC. It takes something about 2-3 hours. 

    So is there any way to apply the different GP objects based on computer name?

    Vusal M. Dadashzadeh

    Tuesday, March 01, 2016 7:57 AM