[gptalk] Re: Loopback Processing

  • From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 10 May 2007 22:57:06 +1000

Hi Justin

 

What you are suggesting will work fine. Although it is "splitting hairs" a
bit, there is no actual need to have the computer account in the group that
has all of the user settings. You could just as easy have one policy that
the machine gets which activates loopback policy and a separate policy that
has all of the user settings you want. Both must be linked to the OU
containing the server though. 

 

The critical thing is that the machine must have a policy applied to it that
activates Loopback processing. If you use 'the "Merge" option for loop back
processing, the user will get all the policies they normally get, PLUS those
that are linked to the server OU. If you use "REPLACE" they will only get
the user settings in the policy that the server belongs to.

 

Hope that makes sense and hasn't confused you further!

 

Alan Cuthbertson

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Salandra, Justin A.
Sent: Thursday, 10 May 2007 10:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

 

So if I modify the security filtering and take out authenticated users and
put in the computer account and a custom group called Terminal Server Users
and the admin is not a member of those then the admin will not get the User
Policy settings defined in that loopback processing Group Policy, just the
machine policy?  I should be okay with that if that is how it will work.

 

Justin A. Salandra

MCSE Windows 2000 and 2003

Network and Technology Services Manager

Catholic Health Care System

646.505.3681

cell 917.455.0110

jasalandra@xxxxxxxxxxx

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Steven
Sent: Wednesday, May 09, 2007 4:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

 

You would use security filtering on the GPO. This dictates who/what the GPO
will apply to. I don't know how your groups are set up, but for example,
make sure the user you do not want the policy applied to is not in the group
the policy is going to apply to. 

 

Word of note though, in using loopback processing, the administrator will be
subject to the machine policy like everyone else, that's kind of the point
of it. However, if the admin is not in the group you are applying this GPO
to, the user settings will not apply. 

 

On 5/9/07, Salandra, Justin A. <jasalandra@xxxxxxxxxxx> wrote: 

I am setting up some Terminal Servers and wanted to ask a questions about
Loopback processing.

 

How can I make it so that the Administrator account does not have the User
Configuration of the policy applied to them when they logon to the Terminal
Server? 

 

Justin A. Salandra

MCSE Windows 2000 & 2003

Network and Technology Services Manager

Catholic Healthcare System

646.505.3681 - office

917.455.0110 - cell

 <mailto:jasalandra@xxxxxxxxxxx> jasalandra@xxxxxxxxxxx

 




-- 
Steve 

Other related posts: