none
Folder Redirection Loop Back Processing Policy - Can't Exclude Servers

    Question

  • Question 
    • You are subscribed to this thread
    8 views

    Folder Redirection Loop Back Processing Policy - Can't Exclude Servers

    NitzanAdar asked on <button aria-label="Date" class="msaActionText msgHistoryBtn info-panel-toggle-link" data-panelcontainer=".userInfo" data-paneltarget="#message-history-holder-55ec882f-30d1-48ea-8ceb-51a9ce9e6d4d" style="color:#006cd8;font-style:inherit;font-variant:inherit;font-weight:inherit;font-size:inherit;line-height:inherit;font-family:inherit;margin:0px;cursor:pointer;padding:0px;border:none;display:inline;" title="See post history">February 23, 2016See post history</button>

    Hi all,

    I recently created a new Forest and want to Redirect Users Profile folders Desktop & My Documents into a shared path.

    I have set my policy like this :

    1) Created a  new OU (Computers) for my Workstations and Moved all workstations into that OU.

    2) Created another OU (Servers) for Servers an Moved all Server Computer accounts into that OU.

    3) Created a Policy under OU Computers :

    * Computer Configuration --->Policies--->Administrative Templates--->System--->Group Ploicy--->Enable Loopback Processing Mode as "Marge".

    * User Configuration--->Policies--->Windows Settings--->Folder Redirection--->Desk"box-sizing:border-box;margin-bottom:0px;border:0px;padding-right:0px;padding-vertical-align:top;-webkit-font-smoothing:antialiased;min-height:19px;color:#333333;">Basic

    \\Server\SharedFolder

    (On the Server's Shared Folder I added "Domain Users" Group and gave full control on Share.)

    ***The same on Documents.

    4) Added to Filter the Group "Domain Users".

    5) Did Gpupdate /force on all Servers and Machines 

    6) I created a Users for testing (Domain user).

    What happens is this :

    GPO Applies on all Computer accounts, in both OU's.

    And I do not need a Redirection for users login to Servers...

    Also, since I'v tried so many functions, the GPO is not being Updated even with "gpupdate /force".

    Any ideas for clean GPO Cache?

    Can someone enlighten my eyes please?

    Wednesday, March 02, 2016 5:12 PM

Answers

  • > 4) Added to Filter the Group "Domain Users".
     
    If you use loopback "Merge", the computer accound requires read rights
    to the user GPOs in question to apply them.
     
    > *GPO Applies on all Computer accounts, in both OU's.*
     
    Create a RSoP report and examine the effective policy that does the
    redirection. Most probably it is a totally different GPO than the one
    you are dealing with currently.
     
    (run "gpresult /h report.html && report.html")
     
    Thursday, March 03, 2016 9:09 AM

All replies

  • Hi,

    Thanks for your post.

    As we know, redirection is a user setting not computer. Using loop back processing policy tells the computer to apply all GPOs that would apply to it if it was a user account basically. Also even in Merge mode I think the user settings that have been applied from loopback processing will take priority if the same policy setting (but a different value) has been applied to the user.

    Circle Back to Loopback

    https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

    Loopback processing with merge or replace

    https://technet.microsoft.com/en-us/library/cc782810%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Since the GPO is not working now, We recommend you remove this GPO and clear the local GPO cache, then creating a new one.

    To clear the local GPO cache, make sure you can view hidden files and folders and perform the following:

    1. Browse to C:\ProgramData\Microsoft\Group Policy\History 
    2. Delete all of the contents under the History folder
    3. Open the command prompt and run GPUpdate /force
    4. Reboot the system

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 03, 2016 3:36 AM
    Moderator
  • > 4) Added to Filter the Group "Domain Users".
     
    If you use loopback "Merge", the computer accound requires read rights
    to the user GPOs in question to apply them.
     
    > *GPO Applies on all Computer accounts, in both OU's.*
     
    Create a RSoP report and examine the effective policy that does the
    redirection. Most probably it is a totally different GPO than the one
    you are dealing with currently.
     
    (run "gpresult /h report.html && report.html")
     
    Thursday, March 03, 2016 9:09 AM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 07, 2016 8:46 AM
    Moderator