Easy GPO Loopback processing that works

Posted by SysAdmin Tools on

WHAT IS LOOPBACK PROCESSING? 

Loopback processing allows you to apply user policies to computer objects. Like when you want to apply specific user policies to users only when they log into a terminal server, but not on their normal workstations.

CREATE THE TWO GPO POLICIES


1. Create a Computer and User policy.
The computer policy will be used to apply loopback processing to the device and the user policy will be used to host the settings for the selected users or groups. 

2. Link both user and computer policies to the Computer OU that contains the target device.

COMPUTER POLICY CHANGES

3. NB: Unlink "Authenticated Users" from your Computer policy security filtering and add only the device that you want Loopback Processing to apply to.

4. Configure Loopback Processing in this Computer policy. 
Computer Configuration > Policies > Administrative Templates
System > Group Policy > Configure user Group Policy loopback processing mode.

Which option should I choose?
Merge or Replace?  

  • Replace: User policies linked to computer OU will override the other user policies that linked to the user OU.
  • Merge: User policies linked to computer OU will be applied with the other user policies that linked to the user OU. If any conflicting settings between policies exist, GPO will process them normally based on the link order.

USER POLICY CHANGES

5. Add the settings in your User policy that you want to apply to the users.

6. Remove "Authenticated Users" from your User Policy security filtering and replace with the users or groups you want it to apply to. 

7. NB : Ensure that the Device you enabled Loopback processing on has Read Access to this user policy.

This final step is usually missed.

VERIFY

Log in with the user account on the device and run GPRESULT /R and ensure that the new user policy is applying to the user. 


Share this post



← Older Post


Leave a comment

Please note, comments must be approved before they are published.