[THIN] Re: GPO question

  • From: Joe Shonk <joe.shonk@xxxxxxxxx>
  • To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
  • Date: Thu, 23 Jul 2015 08:19:10 -0400

You only need one loopback policy for the machine. Its computer based, not
user. No need to add it to other policies.

Sent from my iPhone

On Jul 23, 2015, at 8:03 AM, Jason Benway <benwayj@xxxxxxxxxxx> wrote:

I’m going to re-state to make sure I understand J

Because I have a different GPO enabling loopback on these servers, the
settings on the GPO for the script (which is in the user section only) needs
the servers to be able to read too?
Will it then still only run for the AD group not all users on the servers?



From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Webster
Sent: Wednesday, July 22, 2015 5:08 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: GPO question


Security filtering requirements:
1. The computer account must have READ and APPLY permissions to the GPO
that contains the loopback configuration setting.
2. If you are configuring user settings in the same GPO as computer
settings, then the user and computer accounts will both need READ and APPLY
permissions to the GPO since there are portions of the GPO that are
applicable to both.



From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Carl Stalhood
Sent: Wednesday, July 22, 2015 4:01 PM
To: Thin Freelists
Subject: [THIN] Re: GPO question

With loopback processing and security filtering, did you also add Domain
Computers to the security filter? The XenApp computers need to be able to
read the GPO.

On Wed, Jul 22, 2015 at 2:37 PM, Jason Benway <benwayj@xxxxxxxxxxx> wrote:
I have our standard GPO for XA (desktops and apps) set with loopback
processing. I’m trying to add another GPO that runs a script, I want it to
only run for an AD group of users, so it’s a separate GPO with security
filtering for that group. But it’s not applying when the users log in.
Gpresult shows the GPO as Inaccessible, if I change the security filer back
to authenticated users, it works but runs for everyone.

It’s got to be something easy but I just can’t figure it out. What am I


Other related posts: