By default, when you link several GPOs to an Active Directory site, an organizational unit, ... the policies are merged and applied if the security filtering and/or WMI filtering allow it.
In this tutorial, we are going to tell you about a somewhat special policy that concerns the application of group policies.
To begin, we have an organizational unit with a linked GPO.
In this GPO, we have policies that apply to the computer and others to the user.
Now, we create a new GPO which we will name, for example, "LoopbackGpo".
In "Computer Configuration -> Policies -> Administrative Templates -> System", you will find a "Group Policy" folder.
In this "Group Policy" folder, you will find a policy named : Configure user Group Policy loopback processing mode.
As indicated in the description of this policy, enabling this policy indicates that the group policies located in this GPO must be applied to the computer, regardless of the user who will log on to the computer affected by this GPO.
As explained in the description of this policy, there are 2 modes for this policy :
Small example : if by default, a user policy gives you the right to access a particular resource, but this right is not present in the current GPO and you select the "Replace" mode for the policy below below, you will lose your particular right on the targeted computer (due to this policy below).
For the example, we have configured some user policies in this same GPO to hide these desktop icons : This PC, Documents and Recycle Bin.
We link this new GPO to our organizational unit.
If you display your GPO settings, you will see :
Since our 2 objects "MyGpoObject" and "LoopbackGpo" are linked to the same AD location and they are both applied to the same computers and users, the user policies defined here in the "LoopbackGpo" object will be the only group policies on user-side that will be applied on the affected client computers.
In our case, the 3 desktop icons (mentioned above) will therefore be deleted on the client PC, regardless of the user who logs on to it.
The user policies of our "MyGpoObject" GPO will therefore not be applied since the user configuration will be replaced by that of our "LoopbackGpo" GPO.
Windows Server 4/3/2021
Windows Server 12/25/2016
Windows Server 7/16/2021
Windows Server 10/15/2021
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2021 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.