none
Moving between Windows 7 and Windows 10 GPO User Settings RRS feed

  • Question

  • So I have a client who is looking to migrate to Windows 10 Enterprise which is all good . Create separate GPO structure for Windows 20 machine sand eventually start moving machines into the new OU structure and start fresh moving across only setting that you need and are relevant.

    However there will be a period where hot desk users will be logging in to Windows 7 and Windows 10 machines depending on the location. How can this scenario be catered for ?

    1. WMI filtering?

    2.Security filtering?

    3.Loopback processing?

    They are currently using Loopback processing for this scenario and I do not know if this is the best approach for their scenario?

    The concern I guess is :

    1.Is this the best approach?

    2.What needs to be done once all machines have been migrated across to Windows 10 , as this will take a considerable time , how will we untie the loop back processing?

    How have you approached this problem in your organsiations?

    Thanks

    Symcloud

    Monday, July 2, 2018 10:20 AM

All replies


  • Yes, Symcloud. I agree with your idea, Loopback processing of Group Policy is the best practice for current scenario.

    If you want to apply a different user policy to users when they log into computers in a different OU, then you need to use Loopback policy mode (Computer\Administrative Templates\System\Group Policy).

    When you apply the loopback mode to a particular computer OU, then any user that logs into a computer on that OU gets the user policies that are applied to that OU.  Loopback processing can take two forms: Either replace or merge.  In Replace(you may don’t need to care), the User policies in the computer's OU replace all of the User policies that the user would normally have, and merge simply adds those policies to those that the user would normally have.  About merge(as you thought), simply "Disable" any policies that were enabled in other places that you don't want.

    Loopback processing of Group Policy

    https://support.microsoft.com/en-sg/help/231287/loopback-processing-of-group-policy

    Go ahead.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, July 3, 2018 6:27 AM
    Moderator
  • Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 6, 2018 9:06 AM
    Moderator
  • Thanks as I thought, just explain the "simply "Disable" any policies that were enabled in other places that I don't want" bit please?
    Friday, July 6, 2018 10:10 AM
  • Create a computer group, add the computers in the OU to the computer group. What you will want to do is create a new policy for just that OU, enable loopback processing on it, and in the Security Filtering area, only apply it to the computer group, and Authenticated Users. Take note of the above post for notes on the loopback settings.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 9, 2018 1:23 AM
    Moderator