none
GPO machine and user

    Question

  • Hello,

    I want to apply a machine GPO to disable access to the removable devices on all my computers. It's easy

    Then, I want to allow some user to access the removables devices. I create a user GPO that enable access to the removable devices, the GPO is filtered on a specific group. If the user belongs to the group, the user GPO is applied.

    How to make the user GPO overtakes the machine GPO? Is there an other way to achieve this purpose?

    Thx

    Monday, June 27, 2016 9:50 AM

Answers

  • Hi,

    I do not think it is possible as the major premise is you have a machine GPO to disable access to the removable devices on all my computers.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 29, 2016 7:34 AM
    Moderator

All replies

  • Hi,

    Thanks for your post.

    According to my research, a GPO is divided into two part: Computer Configuration & User Configuration.

    If we configure the settings under User Configuration, these settings apply to user accounts, regardless of which computer they log onto.

    If we configure the settings under Computer Configuration, these settings apply to computer accounts, regardless of which user logs onto the computer.

    However, when there is conflicting settings existing in the same GPO, as suggested by Martin in the following thread:
    “If conflicting settings exist, it depends on the individual setting and windows component which setting will win. Most times, it will be the computer setting. Loopback does NOT change this behaviour.”

    computer configuration conflict with user configuration

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/423c12e8-8303-48d0-b8ac-5a8d46e71137/computer-configuration-conflict-with-user-configuration?forum=winserverGP

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 28, 2016 5:22 AM
    Moderator
  • Yes, I totally agree with your.To my anderstanding Computer GPO ALWAYS win

    Is there an other way to do it. How to configure a group of user to not apply a computer policy? is it juste possible?

    Tuesday, June 28, 2016 12:31 PM
  • Hi,

    I do not think it is possible as the major premise is you have a machine GPO to disable access to the removable devices on all my computers.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 29, 2016 7:34 AM
    Moderator