Yes. Its just a matter of using your security filters correctly. Your loopback GPO needs to grant only the computers and users who you want to process this policy, the read an apply gp rights, and no others. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Buonora, Craig (GE, Research, consultant) Sent: Monday, December 11, 2006 12:04 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Apply GPO to Computers Only Darren thanks for the response, this GPO is to prevent users from mapping drives. What I need to configure is to prevent any user that logs on to a group of 5 machines [except 1 or two admins] from right-clicknig on My Computer - Map Network Drive. Just 5 machines, not the entrie Domain and I do NOT want to create a seperate OU for this. Can this be done? Thanks, Craig _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Friday, December 08, 2006 10:49 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Apply GPO to Computers Only So you have a GPO that contains some logon script and sets loopback? I suspect the problem is that you've removed authenticated users, added the computer accounts, which is fine, but no users can read the user portion of the loopback GPO when they logon. You might try granting Read and Apply GP to the "Domain Users" group. That allows users to read the GPO but not other computers. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Buonora, Craig (GE, Research, consultant) Sent: Thursday, December 07, 2006 12:59 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Apply GPO to Computers Only I had another issue come up where I need to apply a User configuration item [remove map network drive] to about 6 computers in my Domain. I created the GPO, remove the Authenticated Users element from the delegation - Advance tab, and added my machine names, and click Read and apply for the permissions to each. I also included Loopback Processing to Merge with this, I used merge and replace. I cannot get this policy to apply. This needs to be set on 6 machines that are used by the public and I do not want to do this locally as I would like to exclude eventually some NT accounts from the policy so they can log on and do some admin functionality that involves mapping drives. Thank again in advance for the help. Craig M. Buonora GE Global Research Center CompuCom Systems, Inc. Network Services Engineer II T 518.387.6664 F 518.387.7427 D *833-6664 E buonora@xxxxxxxxxxxxxxx One Research Circle Building KW Room C153 Niskayuna, New York 12309 www.ge.com <http://www.ge.com/>