Loopback policy

  • Thread starter Thread starter Tony
  • Start date Start date
T

Tony

Why do I have to enable the loopback policy in order for computers in my OU
to get the GPO?

Without that checked, the comnputers will not get login scripts etc..
 
Hi Tony

Without loopback turned on, the Computer Configuration portion of a GPO
applies to computer objects in the OU heirarchy it's linked to. Likewise,
the User Configuration portion of a GPO applies to user objects in the OU
heirarchy it's linked to. If you configure User Configuration settings in a
GPO and link it to an OU structure that only contains computers, nothing
will happen.

Loopback policy allows User Configuration settings to apply to a computer
instead of a user. As you've no doubt discovered, you can replace the
settings that would normally apply to a user account or merge them with the
policy settings coming from GPO's linked to the OU heirarchy in which the
user accounts reside.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Mark,

Thank you for your excellent explanation. It all makes sense now


Mark Renoden said:
Hi Tony

Without loopback turned on, the Computer Configuration portion of a GPO
applies to computer objects in the OU heirarchy it's linked to. Likewise,
the User Configuration portion of a GPO applies to user objects in the OU
heirarchy it's linked to. If you configure User Configuration settings in
a GPO and link it to an OU structure that only contains computers, nothing
will happen.

Loopback policy allows User Configuration settings to apply to a computer
instead of a user. As you've no doubt discovered, you can replace the
settings that would normally apply to a user account or merge them with
the policy settings coming from GPO's linked to the OU heirarchy in which
the user accounts reside.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Tony said:
Why do I have to enable the loopback policy in order for computers in my
OU to get the GPO?

Without that checked, the comnputers will not get login scripts etc..
Click to expand...
Click to expand...
 
Back
Top