Okay, after some search I think I found it -  there is no need to add users to the OU if we enable the Group Policy loopback processing mode. Is that correct?

Hi there..

Hope this can answer your question..

- The DEM GPO settings are User Settings, however the settings themselves point the "DEM Agent" on the Windows VDI/PC to the dem_config_share and the user_profile_share

- The settings also tell how the Agent should behave with the user logging into the Windows VDI/PC, at the time of user logon.

- That is why the DEM GPO is targeted to the OU that has the Computer AD Objects

- In some cases the user AD Object is also in the same OU, but not in many cases, which is why to have the User Setting targeting an OU with Computer Objects, needs to have the additional "Computer Setting - Loopback Processing" in place

- And the control over how the GPO is in effect can be controlled by using the Loopback Processing GPO setting in the MERGE/REPLACE Mode

- Kiosks Windows OS and Windows OS where you don't want any user resedual settings, would prefer to have Loopback Processing in REPLACE Mode

- Others would use MERGE Mode

- In some cases with more than one GPO in play (the GPO order or precedence should also be taken into consideration)

- for instance you want to ensure REPLACE Mode is the GPO setting of choice for the Loopback Processing setting (which means it will ignore User GPOs below it), so you might want to have this GPO to be the last GPO in the GPO Order of Precedence.

There are a lot of combinations one can work with, but its what will work in the environment that matters, hence the flexibility of choice in GPO placement and loopback processing.