Solved: How To Push a User GPO To Only Some Computers

If need to have different settings for your users depending upon which computers they are on this is the article for you.  Trying to set and HKCU entry based on the machine can be easily done but the process is not obvious.

Our customers wants users to have the default 1 year of caching in Outlook so when they are on a plane, they still have their mail BUT they also was users to log into dozens of boardroom computers and be able to bring up their Outlook with no caching so they don’t fill up the local disk.

The solution is something called ITEM LEVEL TARGETING and it exists in all Windows Active Directory versions since 2008 so you have it already but did not know it.

You set a GPO that effects HKCU and then restrict it to only those computers you want, in our case kiosk / boardroom PC’s.  In this way, when the user signs into their usual laptop the GPO does not take effect because ITEM LEVEL TARGETING filters that GPO out.  When the same user signs into a boardroom PC the policy does apply because ITEM LEVEL TARGETING has a match on the PC’s host name.

outlook cached mode does not have level targeting gpoHow To Set Item Level Targeting

Not all GPO’s support Item Level Targeting but registry entries do.  Fortunately virtually all GPO settings are simply making changes to the registry.

This means if you want to apply a GPO that manages Outlook cache mode you can use the CACHED EXCHANGE MODE GPO you see to the right.  I needed to figure out which registry entry.  In my case I needed to set HKCU\Software\Policies\Microsoft\Office\16.0\outlook\ost\NoOST=2 on just boardroom PC’s and this is how it was done:

  1. Create new or edit an existing GPO
  3. Right click and CREATE NEW
  4. Set the registry entry you want (in my case it was Software\Policies\Microsoft\Office\16.0\outlook\ost\  VALUE=NoOST   REG_DWORD=2
  6. Click NEW and add the condition you want.  In my case it was any computer in the OU = KIOSKS


Questions or Comments?