Nice summary Darren. We need to bookmark this one for future questions. I was too lazy to type that much so I just found a link on the web. :P Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, January 06, 2009 11:12 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: (no subject) Steve- Is a complex topic for many (including me!) so I will try to attack it from a solution perspective. Essentially loopback is designed to help answer the following challenge, "How do I control user policy on a particular computer or set of computers such that, no matter who logs onto those computers, they always get the same user policy?". As you know, GP is processed by computers and users and the policy that a computer or user gets is determined by where the computer and user account resides in AD, where the GPO is linked, and whether its filtered or not. Loopback is a special mode of GP processing that you set on a per-computer basis. When a computer has loopback enabled, any user that logs onto that computer can be given a set of per-user policies that is different than the ones they would normally receive by virtue of where their user account is. The simplest example is a Terminal Server environment. A common configuration is to create an OU called "Terminal Servers". In that OU, you place computer accounts that are your Terminal Server machines. Now, linked to that OU, you create a GPO called "TS Loopback Policy". In that GPO, you enable loopback under Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy Loopback Processing Mode. When you enable the policy, you have two options-merge or replace. Merge says, "first apply the user's normal user policies (as if they were logging into their normal workstation) then apply the loopback user settings". Replace says, "Just apply the loopback user settings". I generally tell people to choose "replace" mode unless you have a specific requirement for merging. So, now that loopback is enabled, on that same TS GPO (assuming the simplest case) under User Configuration, you can set all of the loopback user settings that you want to apply to users logging into these TS boxes. When the user logs on, these user settings are applied instead of their "home" ones. Hope that helps. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Crompton Sent: Tuesday, January 06, 2009 5:49 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] (no subject) Hi Could you please explain Group Policy Loopback Processing ? im finding this very difficult to understand ! Thanks ________________________________ Get Windows Live Messenger on your Mobile. Click Here! <http://clk.atdmt.com/UKM/go/msnnkmgl0010000001ukm/direct/01/> Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.