none
User Group Filtering on Goup Policy with loopback processing mode.

    Question

  • We are tying to apply a group policy which has a user logon script to an OU contains 1100 VDI Vms. We have 5 different groups and ech goupp of users requires 5 different logon scripts. We have created a test GPO with th logon script and loopbacl processing mode set to merge. On security filtering we have added Group1. But we have observed that the policy not applying. But after removing Group1 from Security Filtering and add Authenticated users, we have seen the policy is working. Anybody has a solution for this type of scenario. Around 600 users in 5 different group only requires this logon script. remaining users on VDI doent not requires logon script.
    Wednesday, October 12, 2016 8:36 PM

Answers

  • Hi Rajesh,

    We are tying to apply a group policy which has a user logon script to an OU contains 1100 VDI Vms.

    >>>Are there only computer accounts in the OU?

     We have 5 different groups and ech goupp of users requires 5 different logon scripts. We have created a test GPO with th logon script and loopbacl processing mode set to merge.

    >>>To achieve your goal, you need create two OU.

    One OU for computer accounts, then create GPO link to the OU with configuring Loopback mode.

    One OU for user accounts, create a GPO1 link to the OU, then configure logon script and set the security filtering with the Group1.

    Repeating the above actions that create GPO2, then configure logon script and set the security filtering with Group2.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 13, 2016 2:29 AM
    Moderator
  • > with th logon script and loopbacl processing mode set to merge. On
     
    For Loopback Merge to work, the computer account (!) needs read access
    to the user GPOs in question. For about 10 years now :-) (starting with
    Vista/2008)
     
    Thursday, October 13, 2016 12:04 PM

All replies

  • Hi Rajesh,

    We are tying to apply a group policy which has a user logon script to an OU contains 1100 VDI Vms.

    >>>Are there only computer accounts in the OU?

     We have 5 different groups and ech goupp of users requires 5 different logon scripts. We have created a test GPO with th logon script and loopbacl processing mode set to merge.

    >>>To achieve your goal, you need create two OU.

    One OU for computer accounts, then create GPO link to the OU with configuring Loopback mode.

    One OU for user accounts, create a GPO1 link to the OU, then configure logon script and set the security filtering with the Group1.

    Repeating the above actions that create GPO2, then configure logon script and set the security filtering with Group2.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 13, 2016 2:29 AM
    Moderator
  • > with th logon script and loopbacl processing mode set to merge. On
     
    For Loopback Merge to work, the computer account (!) needs read access
    to the user GPOs in question. For about 10 years now :-) (starting with
    Vista/2008)
     
    Thursday, October 13, 2016 12:04 PM
  • Hi,

    Are there any updates?

    If the replies have resolved your problem, please mark it as answer as it would be helpful to anyone who encounters the similar issue.

    Thank you.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 7, 2016 12:04 PM
    Moderator