[gptalk] Re: (no subject)

  • From: Steve Crompton <stecrompton@xxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 6 Jan 2009 19:04:45 +0000

Thanks Darren.
 
Well explained. Much clearer now, thanks !!



Subject: [gptalk] Re: (no subject)Date: Tue, 6 Jan 2009 12:34:44 -0600From: 
Jamie.Nelson@xxxxxxxxx: gptalk@xxxxxxxxxxxxx





Nice summary Darren. We need to bookmark this one for future questions. I was 
too lazy to type that much so I just found a link on the web. :P
 

Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy 
Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com
 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-EliaSent: Tuesday, January 06, 2009 11:12 AMTo: 
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: (no subject)
 
Steve-
Is a complex topic for many (including me!) so I will try to attack it from a 
solution perspective. Essentially loopback is designed to help answer the 
following challenge, “How do I control user policy on a particular computer or 
set of computers such that, no matter who logs onto those computers, they 
always get the same user policy?”. As you know, GP is processed by computers 
and users and the policy that a computer or user gets is determined by where 
the computer and user account resides in AD, where the GPO is linked, and 
whether its filtered or not. Loopback is a special mode of GP processing that 
you set on a per-computer basis. When a computer has loopback enabled, any user 
that logs onto that computer can be given a set of per-user policies that is 
different than the ones they would normally receive by virtue of where their 
user account is. The simplest example is a Terminal Server environment. A 
common configuration is to create an OU called “Terminal Servers”. In that OU, 
you place computer accounts that are your Terminal Server machines. Now, linked 
to that OU, you create a GPO called “TS Loopback Policy”. In that GPO, you 
enable loopback under Computer Configuration\Administrative 
Templates\System\Group Policy\User Group Policy Loopback Processing Mode. When 
you enable the policy, you have two options—merge or replace. Merge says, 
“first apply the user’s normal user policies (as if they were logging into 
their normal workstation) then apply the loopback user settings”. Replace says, 
“Just apply the loopback user settings”. I generally tell people to choose 
“replace” mode unless you have a specific requirement for merging.
 
So, now that loopback is enabled, on that same TS GPO (assuming the simplest 
case) under User Configuration, you can set all of the loopback user settings 
that you want to apply to users logging into these TS boxes. When the user logs 
on, these user settings are applied instead of their “home” ones.
 
Hope that helps.
Darren
 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steve CromptonSent: Tuesday, January 06, 2009 5:49 AMTo: 
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] (no subject)
 
Hi Could you please explain Group Policy Loopback Processing ? im finding this 
very difficult to understand ! Thanks



Get Windows Live Messenger on your Mobile. Click Here!




Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system. 
_________________________________________________________________
 Live Search presents Big Snap II - win John Lewis vouchers 
http://clk.atdmt.com/UKM/go/117442309/direct/01/

Other related posts: