Justin,

We had that same thing with the Administrators needing to be exempt from the loopback GPO on the Citrix boxes. We created a group like DenyGPOonCtx, put the Admins in it, and used the GPMC Delegation tab: add the group, go to the Advanced button and set the "Apply Group Policy" permission to Deny. This way you can leave the Security Filtering as Authenticated Users.

Regards,
Robert Tannehill
CSC

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Salandra, Justin A.
Sent: Thursday, May 10, 2007 8:12 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

Thanks

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
jasalandra@xxxxxxxxxxx

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Alan & Margaret
Sent: Thursday, May 10, 2007 9:18 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

Hi Justin,

No, this suggestion will work perfectly OK as well. The critical thing is that the user settings must be in a policy connected to the OU containing the server, and the users must be set via security filtering to APPLY, and the administrators must either be in the deny group or not in the apply group.

Alan Cuthbertson

Policy Management Software: http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
ADM Template Editor: http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
Policy Log Reporter (Free): http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Salandra, Justin A.
Sent: Thursday, 10 May 2007 10:38 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

I thought I read somewhere that even by doing that it won't have any effect. I plan on testing the Group Policy today, just wanted to get a head start on trying not to re-invent the wheel.

Thanks

Justin A. Salandra
MCSE Windows 2000 and 2003
Network and Technology Services Manager
Catholic Health Care System
646.505.3681
cell 917.455.0110
jasalandra@xxxxxxxxxxx

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Washington, Booker
Sent: Wednesday, May 09, 2007 3:38 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Processing

You can set the administrator account to deny for the policy. Anyone else have any ideas?

_____

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Salandra, Justin A.
Sent: Wednesday, May 09, 2007 3:23 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Loopback Processing

I am setting up some Terminal Servers and wanted to ask a question about Loopback processing. How can I make it so that the Administrator account does not have the User Configuration of the policy applied to them when they log on to the Terminal Server?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
jasalandra@xxxxxxxxxxx
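
_____

The delegation change described at the top of this thread (Deny "Apply Group Policy" for an admin exemption group, Security Filtering left as Authenticated Users), scripted in PowerShell as an added example that is not part of the original messages. It assumes the GroupPolicy and ActiveDirectory modules are installed; the GPO name is a hypothetical placeholder, and the group name is the one mentioned in the thread.

```powershell
# Added example, not from the thread. $GpoName is a hypothetical placeholder.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$GpoName   = 'CTX-Loopback-UserSettings'   # assumption: the loopback GPO linked to the server OU
$GroupName = 'DenyGPOonCtx'                # exemption group named in the thread

# rightsGuid of the "Apply Group Policy" extended right
$ApplyGpoRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

$gpo   = Get-GPO -Name $GpoName
$group = Get-ADGroup -Identity $GroupName

# Set-GPPermission only grants permission levels, so the Deny ACE is written
# to the GPO's Active Directory object directly via the AD: drive.
$adPath = "AD:\$($gpo.Path)"
$acl    = Get-Acl -Path $adPath

$denyAce = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Deny,
    $ApplyGpoRight)

$acl.AddAccessRule($denyAce)
Set-Acl -Path $adPath -AclObject $acl

# Check: list every ACE on the GPO that touches "Apply Group Policy".
# Expect Allow for Authenticated Users and Deny for the exemption group.
(Get-Acl -Path $adPath).Access |
    Where-Object { $_.ObjectType -eq $ApplyGpoRight } |
    Select-Object IdentityReference, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Review who is exempt: membership of this group bypasses the lockdown
# settings on the terminal servers, so it should stay small and audited.
Get-ADGroupMember -Identity $GroupName -Recursive |
    Select-Object SamAccountName, objectClass
```

Because a Deny ACE overrides any Allow, every member of the exemption group escapes the loopback user settings on those servers, which is why the membership listing at the end belongs in a periodic review.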