[THIN] Re: Applying group policies to citrix sessions..

• From: Jim Kenzig <jimkenz@xxxxxxxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Tue, 24 Sep 2002 11:20:18 -0400

Here ya go.
JK


Loopback Processing of Group PolicyPSS ID Number: Q231287

Article Last Modified on 07-24-2002


----------------------------------------------------------------------------
----
The information in this article applies to: 

Microsoft Windows 2000 Server 
Microsoft Windows 2000 Professional

----------------------------------------------------------------------------
----


Summary
Group Policy applies to the user or computer in a manner that depends on
where both the user and the computer objects are located in Active
Directory. However, in some cases, users may need policy applied to them
based on the location of the computer object alone. You can use the Group
Policy loopback feature to apply Group Policy Objects (GPOs) that depend
only on which computer the user logs on to. 



More Information
To set user configuration per computer: 

In the Group Policy Microsoft Management Console (MMC), click Computer
Configuration. 


Locate Administrative Templates, click System, click Group Policy, and then
enable the Loopback Policy option. 


This policy directs the system to apply the set of GPOs for the computer to
any user who logs on to a computer affected by this policy. This policy is
intended for special-use computers (for example, computers in public places,
laboratories, and classrooms), where you must modify the user policy based
on the computer that is being used. 

NOTE: Loopback is supported only in a purely Windows 2000 based environment.
Both the computer account and the user account must be in Active Directory.
If a Microsoft Windows NT 4.0 based domain controller manages either
account, the loopback does not function. The client computer must be a
Windows 2000 based computer.

When users work on their own workstations, you may want to have Group Policy
settings applied based on the location of the user object. Therefore, it is
recommended that you configure policy settings based on the organizational
unit (OU) in which the user account resides. However, there may be instances
when a computer object resides in a specific OU, and the user settings of a
policy should be applied based on the location of the computer object
instead of the user object.

NOTE: You cannot filter the application of user settings by denying or
removing the AGP and Read rights from the computer object specified for the
loopback policy. 

Normal user Group Policy processing specifies that computers located in
their OU have the GPOs applied in order during computer startup. Users in
their OU have GPOs applied in order during logon, regardless of which
computer they log on to. 

In some cases, this processing order may not be appropriate (for example,
when you do not want applications that have been assigned or published to
the users in their OU to be installed while they are logged on to the
computers in some specific OU). With the Group Policy loopback support
feature, you can specify to other ways to retrieve the list of GPOs for any
user of the computers in this specific OU: 
Merge Mode
In this mode, when the user logs on, the user's list of GPOs is gathered
normally by using the GetGPOList function. The GetGPOList function is then
called again, using the computer's location in Active Directory. The list of
GPOs for the computer is then added to the end of the GPOs for the user.
This causes the computer's GPOs to have higher precedence than the user's
GPOs. In this example, the list of GPOs for the computer is added to the
user's list. 


Replace Mode
In this mode, the user's list of GPOs is not gathered. Only the list of GPOs
based on the computer object is used. 



Additional query words: 

Keywords: kbenv kbnetwork 
Issue Type: kbinfo 
Technology: kbwin2000Serv kbwin2000ServSearch kbwin2000Search
kbwin2000ProSearch kbwin2000Pro 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Steve Rance
Sent: Tuesday, September 24, 2002 11:11 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Applying group policies to citrix sessions..



Thanks for your help so far on this...=20

is there any good documentation on setting up "Loopback Processing", or =
somewhere I can look to get an understanding of it.

Thanks,

Steve

-
**********************************************
This weeks sponsor Kevsoft Corporation 
TScale by Kevsoft Corporation 
Support 30% to 40% more users on your server farm
without buying new hardware!  
http://www.kevsoft.com/
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..
• » [THIN] Re: Applying group policies to citrix sessions..

1. Home
2. thin
3. Archive
4. 09-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---