Results 1 to 4 of 4

Thread: Loopback Processing Issue

  1. 01-16-2012, 12:05 PM #1
    dsmithmcse
    dsmithmcse is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    8

    Default Loopback Processing Issue

    I have a question concerning GPO loopback processing. I thought I was pretty familiar with how it works but while trying to fix an issue I am now doubting myself. Here is my issue: We have a domain where the OU structure is based on object type e.g. Users, PCs, Servers, ServiceAccounts, Groups..... We have a GPO that I'll call Default-ScrnSaver which sets our corporate screen saver policy (PW required to unlock, Screensaver is active and Screen Saver timeout is 900 sec). GPO Loopback processing is also enabled on the GPO and it is linked to child OUs under the top level PCs OU (PCs/SiteName/Desktops).

    We have a second GPO I'll call Disable-Screensaver (yeah real original) that is used to disable screen saver settings for a targeted group of machines. This GPO also utilizes GPO Loop Back Processing as well as Security Filtering where AuthUsers = Read and the target computer group is Read and Apply GPO. This GPO is linked and enforced at a level above the first Screen Saver GPO (PCs/SiteName).

    So my question is. Which Screen Saver setting will apply. My initial thought was the upper level and enforced GPO settings would be applied. But I am seeing the opposite. I am seeing the lower lever (closest to object) screen saver settings getting applied. Even thought the the uppper level GPO is enforced. I am now thinking that because the lower level GPO is also using loop back processing it is overwriting the enforced GPO from above.

    Any additional insight to this will certainly help me sleep at night

    Thanks in advance
    Reply With Quote Reply With Quote
  2. 01-18-2012, 10:00 AM #2
    trekker Guest

    Default

    First off, Loopback processing has two modes: Merge and Replace. Since this is a screensaver, I'm guessing that you're using Merge.

    Normally, lowest GPO wins. If you have a very top level screensaver policy and 25 OU's down there is a different policy, the policy that is 25 OU's down is the applied policy. If the higher level GPO is Enforced, it should win unless you're blocking inheritance at an OU.

    On the surface, this sounds like a Security Filtering problem. Screensaver settings are on the User side... they only apply to users. If you apply a User side setting to a computer, it will be processed by any user logging into that computer. Your best bet is to run a gpresult (as the user getting the wrong setting) to see what policy they're getting.
    Reply With Quote Reply With Quote
  3. 02-19-2012, 01:04 AM #3
    phyllis2011you Guest

    Default

    I have learned a lot of practical things, thank you!
    Reply With Quote Reply With Quote
  5. 03-29-2012, 01:02 PM #4
    brad Guest

    Default Thread is now closed

    Thanks for using GPAnswers

    Brad Rudisail
    Tech Support for GPanswers and PolicyPak Software
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Search Engine Friendly URLs by vBSEO