[gptalk] Re: Loopback Processing

  • From: "Salandra, Justin A." <jasalandra@xxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 10 May 2007 11:11:30 -0400

We setup one policy with both the computer and user settings and
activated loopback processing.  Since I have many domains and multiple
user drive locations, I have opted to use the MERGE mode and have just
reversed what ever settings I don't want, which is only a few, in the
policy and set the ones that I do want.  Thanks

 

Justin A. Salandra

MCSE Windows 2000 & 2003

Network and Technology Services Manager

Catholic Healthcare System

646.505.3681 - office

917.455.0110 - cell

jasalandra@xxxxxxxxxxx <mailto:jasalandra@xxxxxxxxxxx> 

 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Alan & Margaret
Sent: Thursday, May 10, 2007 8:57 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

 

Hi Justin

 

What you are suggesting will work fine. Although it is "splitting hairs"
a bit, there is no actual need to have the computer account in the group
that has all of the user settings. You could just as easy have one
policy that the machine gets which activates loopback policy and a
separate policy that has all of the user settings you want. Both must be
linked to the OU containing the server though. 

 

The critical thing is that the machine must have a policy applied to it
that activates Loopback processing. If you use 'the "Merge" option for
loop back processing, the user will get all the policies they normally
get, PLUS those that are linked to the server OU. If you use "REPLACE"
they will only get the user settings in the policy that the server
belongs to.

 

Hope that makes sense and hasn't confused you further!

 

Alan Cuthbertson

 

 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Salandra, Justin A.
Sent: Thursday, 10 May 2007 10:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

 

So if I modify the security filtering and take out authenticated users
and put in the computer account and a custom group called Terminal
Server Users and the admin is not a member of those then the admin will
not get the User Policy settings defined in that loopback processing
Group Policy, just the machine policy?  I should be okay with that if
that is how it will work.

 

Justin A. Salandra

MCSE Windows 2000 and 2003

Network and Technology Services Manager

Catholic Health Care System

646.505.3681

cell 917.455.0110

jasalandra@xxxxxxxxxxx

 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Steven
Sent: Wednesday, May 09, 2007 4:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

 

You would use security filtering on the GPO. This dictates who/what the
GPO will apply to. I don't know how your groups are set up, but for
example, make sure the user you do not want the policy applied to is not
in the group the policy is going to apply to. 

 

Word of note though, in using loopback processing, the administrator
will be subject to the machine policy like everyone else, that's kind of
the point of it. However, if the admin is not in the group you are
applying this GPO to, the user settings will not apply. 

 

On 5/9/07, Salandra, Justin A. <jasalandra@xxxxxxxxxxx> wrote: 

I am setting up some Terminal Servers and wanted to ask a questions
about Loopback processing.

 

How can I make it so that the Administrator account does not have the
User Configuration of the policy applied to them when they logon to the
Terminal Server? 

 

Justin A. Salandra

MCSE Windows 2000 & 2003

Network and Technology Services Manager

Catholic Healthcare System

646.505.3681 - office

917.455.0110 - cell

jasalandra@xxxxxxxxxxx <mailto:jasalandra@xxxxxxxxxxx> 

 




-- 
Steve 

Other related posts: