We do some special case login scripts with reg entries for individual users (which is all a GPO tends to do anyway), but it's not the cleanest.
Your suggestion is a good one. -sc > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Monday, August 03, 2009 5:27 PM > To: NT System Admin Issues > Subject: GPO for a single user > > Hey list, > > To the best of my knowledge, there is no way to create a GPO for a > particular user account. You can, of course, create a GPO linked to > the OU containing that user account, and then set "permissions" on the > GPO such that only that user has the "Apply Group Policy" permission > for that GPO. But ultimately, it's still a GPO associated with an OU. > > We have occasional "one-off" GPOs. They get applied to a single > role account used for automation that needs a logoff script custom to > the application. (We could detect the user name in a more global > logoff script, I suppose, but that's even less elegant.) > > I was thinking an individual user GPO would be a convenient feature > to have. It would be somewhat analogous to the "machine local GPO" > that currently exists for computers. You can edit that GPO by logging > into the computer and running GPEDIT.MSC. It applies to the local > machine only. It would be nice if user accounts had something like > like that. Maybe a "User GPO" button on the "Account" tab or > whatever. > > If someone knows of a better way with existing tools, please feel > free to hit me with a cluebat. > > Anyone know how one would submit this as a suggestion to Microsoft? > Last I went looking, [email protected] had been shut down. There > was a sort-of replacement at <http://connect.microsoft.com>, but it > was aimed at focus groups and beta tests, and didn't have a mechanism > to provide feedback for stuff Microsoft hadn't thought of yet. (How > typical.) > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
