Here is my scenario:
Abc.com (domain)
- OU Containing users and normal computers
- Multiple user and computer GPO’s
Lab.abc.com (domain)
- OU Containing LAB computers ONLY
- No GPO’s whatsoever
Both domains are trusted to so abc.com users can log into lab.abc.com computers. All users and normal computers reside on the abc.com domain. Lab computers reside in the lab domain and that domain has no GPO’s.
Basically, I don’t want to the user GPO’s (like drive mappings, etc..) from the abc.com OU to apply when abc.com user log into the lab computers.
I created an abc.com\LAB_Computers group and threw all the lab computer into it. Then I went into the GPO delegations area and denied the applying of each user GPO to that computer group. That did not work. I have also tried disabling inheritance within the lab OU, and tested the loopback processing with no luck.
I would think the “Deny” applying GPO setting would work, but I am unsure why it is not.