none
WIndows 2012 R2 GP..Loopback processing enabled.....IE11 GP template not working

    Question


  • I have a set of 3 Desktop security policies applied on HR OU under parent OU BU. GPs are inheriting from parent OU. I have specifically doing VDI testing on BU OU so Loopback processing is enabled & inheritance is blocked on BU OU.
    I want to know if user from different OU tries to login to View RDSH server inside BU OU...can user policies be still inherite or simple blocked & only user policies mentioned on BU OU will get applied......Let me know for any explanation to clear my concern.

    Also RDSH server is WIndows 2012 R2 hence IE 11 is installed by default......so i have followed IE11 GP Templates article for GP settings & registry settings for specifying Proxy server details......at client end i can see Registry populating but under IE connections same setting is not in effect hence internet access not working.

    Please help me.



    Tuesday, January 06, 2015 5:09 AM

Answers

  • Hi,

    >>Computer objects are in RDSH OU on which 3 Desktop restriction policies including User/Computer settings applied & inheritance set to block on RDSH OU.

    For we have enabled Block Inheritance for the RDSH OU, all GPOs linked at the higher hierarchy will be blocked provided that these GPOs are not enforced, which means that computers can only apply group policy settings which are configured in the GPOs linked to the RDSH OU.

    >>My question is if user from BU OU logs into RDSH server which policies will be in effect. Only Computer & User settings from RDSH OU will be in effect or certain User settings will get inherite from Parent Domain OUs.

    User settings will inherit from higher hierarchy, for Block Inheritance is not enabled for BU OU where user accounts reside. Besides, for we have enabled Loopback processing for the RDSH OU and selected Merge mode, the user settings from the GPOs linked to RDSH OU will also be applied and these GPOs have higher precedence for processing user settings.

    However, why did we choose to enable Block Inheritance for the RDSH OU? In this way, security settings in default group policy object will not get applied to the computers in RDSH OU. Besides, why did we enable Loopback processing for user settings?  What do we want to achieve? 

    Best regards,

    Frank Shen


    Tuesday, January 20, 2015 2:18 AM
    Moderator

All replies

  • Could you tell what object OU BU contains ... users or computers..?
    Tuesday, January 06, 2015 5:54 AM

  • & what is the loop back mode you have selected ?
    Tuesday, January 06, 2015 5:56 AM
  • Sorry to mentioned that.

    HR OU contains RDSH servers whereas BU OU contains Users.
    Loopback mode selected is merger & inheritance set to block on BU OU.
    Thursday, January 08, 2015 6:11 AM
  • So where you have linked the gpo where you configured loop back?

    Regards, Prabhu

    Thursday, January 08, 2015 6:22 AM
  • Hi,

    Could you help clarifying more on what you mean by when user from other OU will login...

    As i understand your problem

    OU - Business Unit (Users) - Block Inheritance is set on this OU, which means any policy set at the top will not get applied to any user/computer object Under Business unit or sub-OU

    Sub OU under - HR OU (Computers) - 

    Question - If user from any other OU will login, i assume the user is neither a part of BU or HR OU, he/she part of any other OU where you have all the GPO links in place, per my understand the user will pull the 'User configuration' setting from the OU he/she ia part of of, where as the computer configuration set on HR OU will be apply here only as the block inheritence is applicable on computer at the BU - OU level thus the computer will pull what is available at BU - OU level.

    I hope i answer your query, let us know if our understanding is not correct.

    Best of luck


    Inderjit

    Thursday, January 08, 2015 7:18 AM
  • Ok Let me clear my doubt in pieces

    Let me rename HR OU to RDSH OU

    Computer objects are in RDSH OU on which 3 Desktop restriction policies including User/Computer settings applied & inheritance set to block on RDSH OU. Loopback processing is enabled with Merge setting.

    Users are in BU OU & on my domain certain Default Domain policies are set.

    My question is if user from BU OU logs into RDSH server which policies will be in effect. Only Computer & User settings from RDSH OU will be in effect or certain User settings will get inherite from Parent Domain OUs.

    ----------------------------------------------------------

    Second question is My Primary DC is Windows 2008 R2 & have 2012 ADC. I have mentioned IE 10 GP settings from Windows 2012 DC on RDSH OU but this is not working like Proxy. I hope i dont need to inport any other template for Windwos 2012 R2 for it to work.

    Thursday, January 08, 2015 12:21 PM
  • Can someone help from Tech team.
    Monday, January 19, 2015 6:46 AM
  • Hi,

    >>Computer objects are in RDSH OU on which 3 Desktop restriction policies including User/Computer settings applied & inheritance set to block on RDSH OU.

    For we have enabled Block Inheritance for the RDSH OU, all GPOs linked at the higher hierarchy will be blocked provided that these GPOs are not enforced, which means that computers can only apply group policy settings which are configured in the GPOs linked to the RDSH OU.

    >>My question is if user from BU OU logs into RDSH server which policies will be in effect. Only Computer & User settings from RDSH OU will be in effect or certain User settings will get inherite from Parent Domain OUs.

    User settings will inherit from higher hierarchy, for Block Inheritance is not enabled for BU OU where user accounts reside. Besides, for we have enabled Loopback processing for the RDSH OU and selected Merge mode, the user settings from the GPOs linked to RDSH OU will also be applied and these GPOs have higher precedence for processing user settings.

    However, why did we choose to enable Block Inheritance for the RDSH OU? In this way, security settings in default group policy object will not get applied to the computers in RDSH OU. Besides, why did we enable Loopback processing for user settings?  What do we want to achieve? 

    Best regards,

    Frank Shen


    Tuesday, January 20, 2015 2:18 AM
    Moderator