Security Filtering Question

[ahcash]

Hi All,

I am wondering if someone can comment on the best way to implement security filtering in the following situation.

GPO: User configuration settings #1.
OU: Computer
A.D Group: Sales PCs


Restriction:
1. I can only apply to Computer OU
2. I only want to apply this to Sales PCs.


So, I created an AD security group called (Sales PCs)

Computer OU <----- User Configuration Settingss #1

What would be the scope in the security filtering? Obviously I have to remove the Authenticated Users group. If I just put in Sales PC into the scope, The GPO doesn't apply because it's a user configuration settings. (you do a GP result and the GPO is Inaccessible). I am guessing because there are no users in the scope to process the GPO.

I tried the following and got into trouble. All Users pick up the settings.
Domain Users$
Sales PCs.

Anyone?

[edusysadmin]

You will need to use loopback (merge or replace). Configuring loopback will mean that the user side will be processed at login on the specified computers. The scope of the GPO must reflect the computers and users to be effected, so if the policy applies to all users who log into the sales PCs leave authenticated users in the scope and add the sales PC security group.

Loopback can have odd effects on XP, but not Vista/7. If you have multiple loopback policies scooped within a single OU under XP its not clear which of them will be applied even if the scoping shouldnt effect the user. In my experience Vista/7 do not have this issue.