I am currently reading a book on Windows Server 2008 and came across loopback policy processing which is a really useful policy to implement in the appropriate environment.
Loopback policy processing is a setting within Group Policy which allows user policies that are applied to targeted computers to take precedence over user policies which are applied to users in separate GPOs. This policy is very useful if you have client machines located in a communal area and you want the same configuration applied to any user who logs onto the machine, regardless of their normal user-defined policy settings.
For example, if you have a laptop which is used solely for client presentations, you may not want Joe Bloggs, who logs onto the machine, to be able to set an inappropriate desktop background or configure registry settings when logged onto this particular machine. With loopback policy enabled, the user settings applied to the computer would take precedence, thus safeguarding and standardizing communal machines on your network against any unwanted changes by users.
Another common use of loopback policy processing is applying the policy to terminal servers in order to create a standardized environment.
To define this policy, follow the steps below:
- Log onto your primary domain controller where policies are defined.
- Open the Group Policy Management Console.
- Right click on the GPO which is scoped to the machines you want to target.
- When Group Policy Editor appears, click Computer Configuration > Administrative Templates > System, then expand the Group Policy node.
- Locate the User group policy loopback policy node and then enable this by double clicking the setting.
Two other options are available when defining this setting: merge mode and replace mode. If you select merge mode, user settings from separate GPOs will be applied to the computer, but where conflicting settings exist the GPO scoped to the computer will take precedence. If replace mode is selected, all user settings defined in the computer-targeted GPO will take effect.
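The same setting can be scripted and then checked on a client, which is useful for confirming that a communal machine really received the mode you intended. This is an added example, not taken from the original post. It assumes the GroupPolicy PowerShell module (installed with GPMC on Windows Server 2008 R2 and later), that the loopback setting is stored as the `UserPolicyMode` registry value (1 = merge, 2 = replace), and a hypothetical GPO named "Communal Machines".

```powershell
# Added example. The GPO name used at the bottom is hypothetical.
Import-Module GroupPolicy

$PolicyKey = 'HKLM\Software\Policies\Microsoft\Windows\System'
$ValueName = 'UserPolicyMode'            # registry value behind the loopback setting
$Modes     = @{ Merge = 1; Replace = 2 }

function Get-LoopbackMode {
    # Reads the mode defined in the GPO itself (run where GPMC is installed).
    param([Parameter(Mandatory=$true)][string]$GpoName)
    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop   # stop if the GPO is missing
    try {
        $v = Get-GPRegistryValue -Guid $gpo.Id -Key $PolicyKey `
                 -ValueName $ValueName -ErrorAction Stop
    } catch {
        return 'NotConfigured'           # value absent: loopback not enabled here
    }
    switch ($v.Value) { 1 { 'Merge' } 2 { 'Replace' } default { "Unknown ($($v.Value))" } }
}

function Set-LoopbackMode {
    # Enables loopback processing on an existing, computer-scoped GPO.
    param(
        [Parameter(Mandatory=$true)][string]$GpoName,
        [Parameter(Mandatory=$true)][ValidateSet('Merge','Replace')][string]$Mode
    )
    $gpo = Get-GPO -Name $GpoName -ErrorAction Stop
    Set-GPRegistryValue -Guid $gpo.Id -Key $PolicyKey -ValueName $ValueName `
        -Type DWord -Value $Modes[$Mode] | Out-Null
    Get-LoopbackMode -GpoName $GpoName   # read back what was written
}

function Get-EffectiveLoopbackMode {
    # Run on the communal machine: reports the mode that was actually applied.
    $p = Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" `
             -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotConfigured' }
    switch ($p.$ValueName) { 1 { 'Merge' } 2 { 'Replace' } default { "Unknown ($($p.$ValueName))" } }
}

# On the management host: lock the presentation laptops to the computer GPO only.
Set-LoopbackMode -GpoName 'Communal Machines' -Mode Replace

# On the client, after running "gpupdate /force": expect 'Replace'.
Get-EffectiveLoopbackMode
```

If `Get-EffectiveLoopbackMode` returns `NotConfigured` on a machine that should be locked down, the GPO is not reaching that computer, so check its link and security filtering.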
Below are some online resources which further explain the set up instructions:-