I need to apply a GPO that contains user settings on a specific subset of computers (fixing some invalid user\printer settings). The users are in their own OU, as are the computers. The policy should apply to any user logging in to that group of computers.

The only way I have been able to get this to run correctly (in testing) was to link the GPO in the User OU, and then use WMI filtering to target specific computers. I have some questions that I did not understand while testing, hoping someone can clarify:

  1. I attempted to use security filtering, setting Authenticated Users to Read and the computer object to Apply, but the policy did not load. Is there a reason why?
  2. Is WMI filtering my only option here?
  3. Is it possible to WMI filter by OU membership?
  4. If not, would creating a security group and attaching all the computers be the easiest route (most performant)?
1 Spice up

Why do you need to restrict the policy to only a subset of devices? If the settings are user based, do you not want those settings to follow the users?

You want to apply the user GPO to the computers OU, but then you need to enable loopback processing. Under Administrative Templates, select System, select Group Policy, and then enable the option "Configure user Group Policy loopback processing mode".

2 Spice ups
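
The loopback approach from the reply above, scripted with the GroupPolicy PowerShell module. This is an added example, not code from the thread; the GPO name and OU distinguished name are placeholders, and the Merge/Replace choice is an assumption because the reply does not say which mode to use.

```powershell
# Added example: link a user-settings GPO at the computers OU and enable loopback.
# Requires the GroupPolicy module (RSAT / GPMC) and rights to edit and link the GPO.
param(
    [string]$GpoName    = 'Fix-Printer-UserSettings',     # placeholder GPO name
    [string]$ComputerOu = 'OU=Kiosks,DC=example,DC=com',  # placeholder computers OU
    [ValidateSet('Merge', 'Replace')]
    [string]$Mode       = 'Merge'                         # assumed; pick per your design
)

Import-Module GroupPolicy -ErrorAction Stop
$gpo = Get-GPO -Name $GpoName -ErrorAction Stop

# Loopback itself is a computer setting and the payload is user settings,
# so neither half of the GPO may be disabled.
if ($gpo.GpoStatus -ne 'AllSettingsEnabled') {
    throw "GPO status is '$($gpo.GpoStatus)'; loopback needs computer and user settings enabled."
}

# Registry value behind "Configure user Group Policy loopback processing mode":
# UserPolicyMode 1 = Merge, 2 = Replace.
$key   = 'HKLM\Software\Policies\Microsoft\Windows\System'
$value = if ($Mode -eq 'Replace') { 2 } else { 1 }
Set-GPRegistryValue -Name $GpoName -Key $key -ValueName 'UserPolicyMode' `
    -Type DWord -Value $value | Out-Null

# Link the GPO at the computers OU unless it is already linked there.
$links = (Get-GPInheritance -Target $ComputerOu).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $ComputerOu -LinkEnabled Yes | Out-Null
}

# Read back what was configured so the change can be reviewed.
Get-GPRegistryValue -Name $GpoName -Key $key -ValueName 'UserPolicyMode' |
    Select-Object ValueName, Value
(Get-GPInheritance -Target $ComputerOu).GpoLinks |
    Where-Object DisplayName -eq $GpoName |
    Select-Object DisplayName, Enabled, Enforced, Order
```

After `gpupdate /force` and a fresh logon on one of the target computers, `gpresult /r /scope user` should list the GPO under the applied user policies.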