Easy GPO Loopback processing that works

Posted by SysAdmin Tools on


Loopback processing allows you to apply user policies to computer objects, for example when you want specific user policies to apply to users only when they log into a terminal server, but not on their normal workstations.


1. Create a Computer policy and a User policy.
The computer policy will be used to apply loopback processing to the device and the user policy will be used to host the settings for the selected users or groups. 

2. Link both user and computer policies to the Computer OU that contains the target device.


3. NB: Remove "Authenticated Users" from your Computer policy's security filtering and add only the device that you want Loopback Processing to apply to.

4. Configure Loopback Processing in this Computer policy.
Computer Configuration > Policies > Administrative Templates > System > Group Policy > Configure user Group Policy loopback processing mode.

Which option should I choose?
Merge or Replace?  

  • Replace: User policies linked to the computer OU will override the other user policies that are linked to the user OU.
  • Merge: User policies linked to the computer OU will be applied together with the other user policies that are linked to the user OU. If any conflicting settings exist between policies, GPO will process them normally based on the link order.


5. Add the settings in your User policy that you want to apply to the users.

6. Remove "Authenticated Users" from your User policy's security filtering and replace it with the users or groups you want it to apply to.

7. NB: Ensure that the device you enabled Loopback Processing on has Read access to this User policy.

This final step is usually missed.


Log in with the user account on the device, run GPRESULT /R, and confirm that the new user policy is applying to the user.
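
The seven steps above can also be scripted with the GroupPolicy PowerShell module (part of RSAT). This is an added example, not part of the original post: the GPO names, OU, device and group are hypothetical placeholders, and the loopback setting is written through its backing registry value UserPolicyMode (1 = Merge, 2 = Replace).

```powershell
Import-Module GroupPolicy

# Hypothetical placeholders: replace with values from your own domain.
$ComputerGpo = 'TS-Loopback-Computer'
$UserGpo     = 'TS-Loopback-User'
$TargetOu    = 'OU=Terminal Servers,DC=example,DC=com'   # computer OU holding the device
$Device      = 'TS01'                                    # device that gets loopback
$UserGroup   = 'TS-Users'                                # users the settings are for
$Mode        = 2                                         # 1 = Merge, 2 = Replace

# Steps 1-2: create both policies and link them to the computer OU.
foreach ($name in $ComputerGpo, $UserGpo) {
    New-GPO -Name $name | Out-Null
    New-GPLink -Name $name -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Step 4: value behind "Configure user Group Policy loopback processing mode".
Set-GPRegistryValue -Name $ComputerGpo `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value $Mode | Out-Null

# Step 3: filter the Computer policy to the device only.
# Grant the device first so the GPO is never left without a trustee.
Set-GPPermission -Name $ComputerGpo -TargetName $Device -TargetType Computer `
    -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $ComputerGpo -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Confirm:$false | Out-Null

# Step 5 (the actual user settings) is done in the GPO editor for $UserGpo.

# Step 6: filter the User policy to the chosen group.
Set-GPPermission -Name $UserGpo -TargetName $UserGroup -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
# Step 7: the device needs Read on the User policy (read only, not apply).
Set-GPPermission -Name $UserGpo -TargetName $Device -TargetType Computer `
    -PermissionLevel GpoRead | Out-Null
Set-GPPermission -Name $UserGpo -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Confirm:$false | Out-Null

# Review the resulting delegation on both policies before testing a logon.
foreach ($name in $ComputerGpo, $UserGpo) {
    Get-GPPermission -Name $name -All |
        Select-Object @{n='GPO';e={$name}}, @{n='Trustee';e={$_.Trustee.Name}}, Permission
}
```

The final listing should show the device with read permission on the User policy and no "Authenticated Users" entry on either policy, which matches steps 3, 6 and 7.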

