Now I've got a somewhat convoluted problem. I have these special kiosk machines in their own OU and they have a domain user service account, this account is secured. My issue is I need to apply some settings to a certain security group if they log onto these machines, however these settings can only be for these machines, not their normal work computers. Can I apply user settings to the OU containing the machines and then filter it to the security group and turn on loopback processing and this work? I'm thinking through it and believe that the loopback wouldn't take effect because its looping back on the user via the computer, so if the computer can apply the loopback gpo then any user that logs in will get those settings as it's the computer looking at the GPO not the user. Ideas?