Best Answer

Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

To set user configuration per computer, follow these steps:

1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.

2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a computer affected by this policy. This policy is intended for special-use computers where you must modify the user policy based on the computer that is being used. For example, computers in public areas, in laboratories, and in classrooms.

Note: Loopback is supported only in an Active Directory environment. Both the computer account and the user account must be in Active Directory. If a Microsoft Windows NT 4.0-based domain controller manages either account, the loopback does not function. The client computer must be running one of the following operating systems:

* Windows XP Professional

* Windows 2000 Professional

* Windows 2000 Server

* Windows 2000 Advanced Server

* Windows Server 2003

When users work on their own workstations, you may want Group Policy settings applied based on the location of the user object. Therefore, we recommend that you configure policy settings based on the organizational unit in which the user account resides. However, there may be instances when a computer object resides in a specific organizational unit, and the user settings of a policy should be applied based on the location of the computer object instead of the user object.

Note: You cannot filter the user settings that are applied by denying or removing the AGP and Read rights from the computer object specified for the loopback policy.

Normal user Group Policy processing specifies that computers located in their organizational unit have the GPOs applied in order during computer startup. Users in their organizational unit have GPOs applied in order during logon, regardless of which computer they log on to.

In some cases, this processing order may not be appropriate. For example, when you do not want applications that have been assigned or published to the users in their organizational unit to be installed when the user is logged on to a computer in a specific organizational unit. With the Group Policy loopback support feature, you can specify two other ways to retrieve the list of GPOs for any user of the computers in this specific organizational unit:

* Merge Mode

In this mode, when the user logs on, the user's list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer's location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs. In this example, the list of GPOs for the computer is added to the user's list.

* Replace Mode

In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.


Wiki User

12y ago
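The Merge and Replace modes described in the answer above can be modelled in a few lines. This is an added example, not part of the original answer or any Microsoft code: the GPO names and settings are constructed, and the model deliberately ignores enforced links, security filtering and WMI filters. It shows which of a user's own settings still take effect on a loopback computer in each mode.

```python
# Simplified model of loopback processing (added example, constructed data).
# Ignores enforced links, security filtering and WMI filters.

# User Configuration settings per GPO. Names and values are made up.
GPO_USER_SETTINGS = {
    "Staff-Desktop": {"assigned_app_office": "install", "control_panel": "allowed"},
    "Kiosk-Lockdown": {"control_panel": "blocked", "run_menu": "hidden"},
}
USER_OU_GPOS = ["Staff-Desktop"]       # GPOs found from the user's location
COMPUTER_OU_GPOS = ["Kiosk-Lockdown"]  # GPOs found from the computer's location


def user_gpo_list(user_gpos, computer_gpos, mode):
    """Ordered GPO list for User Configuration; later entries take precedence."""
    if mode == "replace":
        return list(computer_gpos)                    # user's list is not gathered
    if mode == "merge":
        return list(user_gpos) + list(computer_gpos)  # computer's list appended
    if mode == "off":
        return list(user_gpos)                        # normal processing
    raise ValueError(f"unknown loopback mode: {mode!r}")


def resultant_settings(gpo_list, settings=GPO_USER_SETTINGS):
    """Apply GPOs in order; the last GPO to set a value wins.

    Returns a mapping of setting name -> (value, winning GPO).
    """
    result = {}
    for gpo in gpo_list:
        for name, value in settings.get(gpo, {}).items():
            result[name] = (value, gpo)
    return result


def surviving_user_settings(mode):
    """Settings from the user's own GPOs still in effect on the loopback computer."""
    gpos = user_gpo_list(USER_OU_GPOS, COMPUTER_OU_GPOS, mode)
    return {name: value
            for name, (value, gpo) in resultant_settings(gpos).items()
            if gpo in USER_OU_GPOS}


if __name__ == "__main__":
    for mode in ("off", "merge", "replace"):
        print(mode, surviving_user_settings(mode))
```

In this model, Merge mode still lets the user's assigned application through because the computer's GPOs never set it, while Replace mode drops every setting that comes from the user's location.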
Q: What is loopback policy in active directory?
Related questions

A misconfigured group-policy setting in Active Directory causes a security hole?

Policy weakness


What are the two default GPOs that are created when active directory is installed?

Default Domain Policy and Default Domain Controller Policy


What is the difference between rollback and loopback?

Rollback is a feature in database management that allows reverting changes back to a previous state if needed, while loopback is a type of network configuration where data sent out to a network is looped back to the sender without leaving the local system. These terms are used in different contexts and serve different purposes in computer science and networking.


What process applies Group Policy settings to various containers within Active Directory?

Linking


What would you audit to determine who is authenticating your Active Directory domain controllers?

Policy Change Events.


Which utility is used to edit the settings contained in an individual active directory group policy object?

Group Policy Management Console


Which utility is used to edit the settings contained in an individual Active Directory Group Policy Object?

Group Policy Management Console


What would you audit to determine who is authenticating against your Active Directory domain controllers?

Policy Change Events.


What would you audit to determine who is authenticating against your Active Directory domain controller?

Policy Change Events.


Is a way to set up specific configurations for users and computers within an Active Directory domain?

group policy


How to Create Rules in Active Directory Services?

1. On the Active Directory tab, click Create synchronization rule.

2. Enter the server address for your Active Directory server and a user name and password that provide at least read access, then click Next.

3. Select the Active Directory container that you want to import, then click Next.

4. Select the target policy domain for importing the structure, then click Next.

5. Click Done to run the synchronisation rule.


How do you access different features to the active directory?

The Active Directory administrative tools can only be used from a computer with access to a domain. The following Active Directory administrative tools are available on the Administrative Tools menu:

* Active Directory Users and Computers (dsa.msc)

* Active Directory Domains and Trusts (domain.msc)

* Active Directory Sites and Services (dssite.msc)