Group Policy loopback processing

Description

Microsoft 70-410 (Active Directory) Note on Group Policy loopback processing, created by kamsz on 13/08/2013.
kamsz
Note by kamsz, updated more than 1 year ago
kamsz
Created by kamsz over 11 years ago
260
0

Resource summary

Page 1

Loopback processing with merge or replace Loopback is an advanced Group Policy setting that is useful on computers in certain closely managed environments, such as servers, kiosks, laboratories, classrooms, and reception areas. Loopback only works when both the user account and the computer account are in a Windows 2000 or later domain. Loopback does not work for computers joined to a workgroup. Setting loopback causes the User Configuration settings in GPOs that apply to the computer to be applied to every user logging on to that computer, instead of (in replace mode) or in addition to (in merge mode) the User Configuration settings of the user. This allows you to ensure that a consistent set of policies is applied to any user logging on to a particular computer, regardless of their location in Active Directory. Loopback is controlled by the following setting, User Group Policy loopback processing mode, which is located under Computer Configuration\Administrative Templates\System\Group Policy in Group Policy Object Editor (GPMC).By default, a user's policy settings come from the set of GPOs that are applied to the user object in Active Directory. During Group Policy processing on the client, the Group Policy engine assembles an ordered list of GPOs from the site, domain, and all organizational units for that user object.Loopback can be set to Not Configured, Enabled, or Disabled. In the Enabled state, loopback can be set to Merge or Replace. In either case the user only receives user-related policy settings. Loopback with Replace—In the case of Loopback with Replace, the GPO list for the user is replaced in its entirety by the GPO list that is already obtained for the computer at computer startup. The User Configuration settings from this list are applied to the user. Loopback with Merge—In the case of Loopback with Merge, the Group Policy object list is a concatenation. The default list of GPOs for the user object is obtained, as normal, but then the list of GPOs for the computer (obtained during computer startup) is appended to this list. Because the computer's GPOs are processed after the user's GPOs, they have precedence if any of the settings conflict.

New Page

Show full summary Hide full summary

Similar

Active Directory Flexible Single-Master
kamsz
Microsoft Exam 70-410: Volume1- Test 1
Alex Quito
WMI Filters
kamsz
Active Directory Schema snap-in
kamsz
Group types
kamsz
Starter GPO
kamsz
Group scopes
kamsz
GPO Link icons
kamsz
5.2 Authentication and Authorization Technologies
DJ Perrone
Active Directory Architechture
Tyler Lee-Farrell
Windows Server 2012
kamsz