Group Policy Objects (GPO) is a set of rules for Users and Computers, thus the policies for computers will be applied to computers and the policies for users will be applied to users. This article applies to
Windows Server scenarios.
Let’s assume that you have two organizational units in your domain:
In OU-TSSERVERS units, there are computer accounts, and in the
OU-SUPPORT units there are users accounts.
In OU-TSSERVER, you created and configured a new GPO. So, there are policies for:
In OU-SUPPORT, you created and configured a new GPO. So, there are policies for:
When a user belonging to OU-SUPPORT logs on a server that belongs to the
OU-TSSERVER, what happens?
This is the default setting.
Now we are finally going to learn about User Group Policy Loopback Processing Mode.
When configuring the policy Loopback Processing Mode, you can choose two different options,
Replace and Merge.
When you define the "User Group Loopback processing Mode", to "Replace" on the GPO linked to the
When you define the "User Group Loopback processing Mode", to "Merge" on the GPO linked to the
NOTE: In case of conflict, the users policies from OU-TSSERVERS have precedence. Because the computer's GPOs are processed after the user's GPOs, they have precedence if any of the settings conflict.
Use this configuration if you have users in your domain whose folders are redirected through policy, but you don’t want that redirect to occur when users log on through Terminal Services.
You need to enable this policy setting using the Replace mode on GPO linked to OU, where the Terminal Server's computer accounts are (without folder redirection enabled). When users log on to Terminal Servers, the policy folder redirection is not applied.
Using Group Policy Management Console, edit the GPO you desire, expand
Computer Configuration\Policies\Administrative Templates\System\Group Policy,
and then double-click User Group Policy Loopback Processing Mode.
Then select the appropriate option (Replace or Merge).
This article was originally written by:
Leader UGSS Mcsesolution (GITCA)
MCLC Microsoft Certified Learning Consultant
MCITP Enterprise, MCP, MCSA, MCSE, MCT, MCSE Messaging / Security
Colaborador do www.mcpbrasil.com
Donda's site: http://www.mcsesolution.com