[gptalk] Re: (no subject)

  • From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 6 Jan 2009 12:34:44 -0600

Nice summary Darren. We need to bookmark this one for future questions.
I was too lazy to type that much so I just found a link on the web. :P


Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/> 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Tuesday, January 06, 2009 11:12 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: (no subject)



Is a complex topic for many (including me!) so I will try to attack it
from a solution perspective. Essentially loopback is designed to help
answer the following challenge, "How do I control user policy on a
particular computer or set of computers such that, no matter who logs
onto those computers, they always get the same user policy?". As you
know, GP is processed by computers and users and the policy that a
computer or user gets is determined by where the computer and user
account resides in AD, where the GPO is linked, and whether its filtered
or not. Loopback is a special mode of GP processing that you set on a
per-computer basis. When a computer has loopback enabled, any user that
logs onto that computer can be given a set of per-user policies that is
different than the ones they would normally receive by virtue of where
their user account is. The simplest example is a Terminal Server
environment. A common configuration is to create an OU called "Terminal
Servers". In that OU, you place computer accounts that are your Terminal
Server machines. Now, linked to that OU, you create a GPO called "TS
Loopback Policy". In that GPO, you enable loopback under Computer
Configuration\Administrative Templates\System\Group Policy\User Group
Policy Loopback Processing Mode. When you enable the policy, you have
two options-merge or replace. Merge says, "first apply the user's normal
user policies (as if they were logging into their normal workstation)
then apply the loopback user settings". Replace says, "Just apply the
loopback user settings". I generally tell people to choose "replace"
mode unless you have a specific requirement for merging.


So, now that loopback is enabled, on that same TS GPO (assuming the
simplest case) under User Configuration, you can set all of the loopback
user settings that you want to apply to users logging into these TS
boxes. When the user logs on, these user settings are applied instead of
their "home" ones.


Hope that helps.



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve Crompton
Sent: Tuesday, January 06, 2009 5:49 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] (no subject)


Could you please explain Group Policy Loopback Processing ? im finding
this very difficult to understand !


Get Windows Live Messenger on your Mobile. Click Here!

Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system. 

Other related posts: