We don't have that issue to be honest but my guess is you have a few options. It would still require you to do a check on where the user is located.
You can use the .bat files on the appstack itself to trigger specific actions after the appstack is attached. Make sure to use the .bat file that is being executed by the system account, otherwise you could end up with a permission denied.
Are you using writables? Your other option could be to attach this specific appstack to the computer accounts but this only works if you are NOT using writables, this way the appstack is already attached before the user logs in and then the policy can be applied to the appstack.
And my last option would be to silently run gpupdate /force as a logon process. This way the appstack is attached and the policy is forced..
Depending on your wishes one of these should do the trick.