Group Policy loopback processing

Note by , created over 5 years ago

Microsoft 70-410 (Active Directory) Note on Group Policy loopback processing, created by kamsz on 08/13/2013.

Eye 227
Pin 0
Balloon left 0
Created by kamsz over 5 years ago
Group types
Group scopes
Starter GPO
AS level Maths Equations to Remember
Gurdev Manchanda
Část 14.
Nikola Truong
Microsoft Exam 70-410: Volume1- Test 1
Alex Quito
Active Directory Flexible Single-Master
WMI Filters
Active Directory Schema snap-in
GPO Link icons

Page 1

Loopback processing with merge or replace Loopback is an advanced Group Policy setting that is useful on computers in certain closely managed environments, such as servers, kiosks, laboratories, classrooms, and reception areas. Loopback only works when both the user account and the computer account are in a Windows 2000 or later domain. Loopback does not work for computers joined to a workgroup. Setting loopback causes the User Configuration settings in GPOs that apply to the computer to be applied to every user logging on to that computer, instead of (in replace mode) or in addition to (in merge mode) the User Configuration settings of the user. This allows you to ensure that a consistent set of policies is applied to any user logging on to a particular computer, regardless of their location in Active Directory. Loopback is controlled by the following setting, User Group Policy loopback processing mode, which is located under Computer Configuration\Administrative Templates\System\Group Policy in Group Policy Object Editor (GPMC).By default, a user's policy settings come from the set of GPOs that are applied to the user object in Active Directory. During Group Policy processing on the client, the Group Policy engine assembles an ordered list of GPOs from the site, domain, and all organizational units for that user object.Loopback can be set to Not Configured, Enabled, or Disabled. In the Enabled state, loopback can be set to Merge or Replace. In either case the user only receives user-related policy settings. Loopback with Replace—In the case of Loopback with Replace, the GPO list for the user is replaced in its entirety by the GPO list that is already obtained for the computer at computer startup. The User Configuration settings from this list are applied to the user. Loopback with Merge—In the case of Loopback with Merge, the Group Policy object list is a concatenation. The default list of GPOs for the user object is obtained, as normal, but then the list of GPOs for the computer (obtained during computer startup) is appended to this list. Because the computer's GPOs are processed after the user's GPOs, they have precedence if any of the settings conflict.

New Page