#StackBounty: #windows-10 #group-policy #file-association GPO – Default File Association from user/machine combination

Bounty: 50

I have a GPO that uses ComputerConfigurationPoliciesAdminstrativeTemplatesWindowsComponentsFileExplorerSet a default associations configuration file to set the file associations for a particular computer.

Is it possible to control this by a combination of user and computer, rather than just by computer. eg if UserA logs onto Computer1, they get one set of file associations, but if UserB logs onto Computer1, they get a different set? I realise I would need multiple GPOs for this setup.

I’ve tried creating a security group with the users I want to target, but the policy isn’t being applied because Filtering: Denied (Security). I guess this is because it’s a computer level policy, and not a user level one? Thanks.


In response to @OOOO’s comment, there are some settings, such as file associations, that are implemented via a computer policy, but that are also relevant to a particular user.

Imagine the situation that I have two different PDF readers installed on the same machine. A certain group of users expect to use Sumatra PDF because it is more secure (no javascript processing), whereas another group need Acrobat Reader DC because it can handle encrypted attachments. In this situation it makes perfect sense to be able to implement a GPO based on which computer a user is logged in to, or rather, which user is logged into a particular computer.


I have managed to make this work (I think!), by creating a security group, and adding both the users and the computer into that group. The GPO is applied, and seems to work for the users I have specified, but I am wondering if the computer policy part is working because the computer is in the security group, rather than the combination of computer and user.

Does anyone know if the computer policy is applied because the user and computer are part of the group, or is it just because of the computer’s membership in said group?

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.