This can be done already.
-----Original Message----- From: Brian Desmond [mailto:[email protected]] Sent: Monday, August 03, 2009 5:01 PM To: NT System Admin Issues Subject: RE: GPO for a single user PSS and your account team can both assist in filing a DCR on your behalf... Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Monday, August 03, 2009 4:27 PM To: NT System Admin Issues Subject: GPO for a single user Hey list, To the best of my knowledge, there is no way to create a GPO for a particular user account. You can, of course, create a GPO linked to the OU containing that user account, and then set "permissions" on the GPO such that only that user has the "Apply Group Policy" permission for that GPO. But ultimately, it's still a GPO associated with an OU. We have occasional "one-off" GPOs. They get applied to a single role account used for automation that needs a logoff script custom to the application. (We could detect the user name in a more global logoff script, I suppose, but that's even less elegant.) I was thinking an individual user GPO would be a convenient feature to have. It would be somewhat analogous to the "machine local GPO" that currently exists for computers. You can edit that GPO by logging into the computer and running GPEDIT.MSC. It applies to the local machine only. It would be nice if user accounts had something like like that. Maybe a "User GPO" button on the "Account" tab or whatever. If someone knows of a better way with existing tools, please feel free to hit me with a cluebat. Anyone know how one would submit this as a suggestion to Microsoft? Last I went looking, [email protected] had been shut down. There was a sort-of replacement at <http://connect.microsoft.com>, but it was aimed at focus groups and beta tests, and didn't have a mechanism to provide feedback for stuff Microsoft hadn't thought of yet. (How typical.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
