Problem

With great AD organization comes burdensome Group Policy management, specifically when computers need software. Maybe that software isn't smart enough to place the correct registry key in the ALL_USERS registry space, so users who log in don't have the registry keys the software needs.

A solution would be to find the registry keys, import them into Group Policy, and apply them under User Configuration. By default, User Configuration is applied only if the GPO carrying the setting is linked to the user's OU. We want this policy only on specific computers, not on all users. We also don't want to go to each computer and set a local policy using gpedit.msc.

Solution

Group Policy has a setting called "loopback". When this policy is enabled on a computer, the computer loops back to the User Configuration and applies the user settings that are scoped to the computer's OU. Why isn't this enabled by default? No idea.

To set user configuration per computer, follow these steps:

  • In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
  • Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.
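
The same setup can be scripted with the GroupPolicy PowerShell module (RSAT). This is an added example, not part of the original post: the GPO name, OU path, and application registry key are hypothetical placeholders, and Merge mode is assumed because the post does not say which loopback mode to use.

```powershell
# Added example. All names below are placeholders, not values from the post.
Import-Module GroupPolicy

$GpoName     = 'Loopback - ExampleApp user keys'         # hypothetical GPO name
$ComputerOU  = 'OU=AppWorkstations,DC=example,DC=com'    # hypothetical computer OU
$LoopbackKey = 'HKLM\Software\Policies\Microsoft\Windows\System'

# 1. Create the GPO, or reuse it if it already exists.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Per-user keys for ExampleApp via loopback'
}

# 2. User Configuration: the per-user registry value the software needs.
#    Written as a Group Policy Preferences registry item in the User context.
Set-GPPrefRegistryValue -Name $GpoName -Context User -Action Update `
    -Key 'HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp' `
    -ValueName 'LicenseServer' -Type String -Value 'lic01.example.com' | Out-Null

# 3. Computer Configuration: enable loopback processing.
#    UserPolicyMode 1 = Merge (user's own GPOs still apply, this GPO wins conflicts)
#    UserPolicyMode 2 = Replace (only user settings scoped to the computer apply)
Set-GPRegistryValue -Name $GpoName -Key $LoopbackKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# 4. Link the GPO to the computers' OU, not the users' OU.
$linked = (Get-GPInheritance -Target $ComputerOU).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $ComputerOU -LinkEnabled Yes | Out-Null
}

# 5. Read the loopback setting back from the GPO to confirm it was stored.
$mode = (Get-GPRegistryValue -Name $GpoName -Key $LoopbackKey `
    -ValueName 'UserPolicyMode').Value
switch ($mode) {
    1       { 'Loopback enabled: Merge' }
    2       { 'Loopback enabled: Replace' }
    default { "Unexpected UserPolicyMode value: $mode" }
}

# On a target computer, after a reboot or `gpupdate /force`, run
# `gpresult /r /scope:user` as the logged-on user; the GPO should be
# listed under Applied Group Policy Objects.
```

Every user who logs on to a computer in that OU receives the User Configuration settings in this GPO, administrators included, so keep the GPO limited to the keys the software needs.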