Windows/Group Policy: The Importance of using the Loopback Policy

Created: 12/27/19

Updated: 12/27/19

Loopback processing limits user settings to the computer that the GPO is applied to. This basically means that a User policy is applied only on the computer the user is logging into, and the computer policy doesn’t take effect. In effect, the User policy overrides the default user policy that would normally apply to the computer in question.

A common use of loopback processing is on terminal servers: users log into a server and you need specific user settings applied only when they log into those servers. To do this, create a GPO, enable loopback processing, and apply the GPO to the OU that contains the servers.

To Enable Loopback Processing Policy:

Step 1: Open the policy in question

Step 2: Navigate to Computer Configuration > Policies > Administrative Templates: Policy definitions > System > Group Policy > Configure User Group Policy loopback processing mode

Step 3: ‘Enable’ the policy and set it to ‘Merge’, then press ‘Apply’ and ‘OK’
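
The same three steps can be scripted with the GroupPolicy PowerShell module, along with a report of which GPOs in the domain already set loopback. This is an added example, not part of the original post; the GPO name and OU path are constructed placeholders, and it relies on the loopback setting being stored as the `UserPolicyMode` registry value (1 = Merge, 2 = Replace).

```powershell
#Requires -Modules GroupPolicy
# Added example. GPO name and OU distinguished name below are constructed placeholders.

# Registry value written by "Configure user Group Policy loopback processing mode".
$LoopbackKey  = 'HKLM\Software\Policies\Microsoft\Windows\System'
$LoopbackName = 'UserPolicyMode'
$Modes        = @{ Merge = 1; Replace = 2 }

function Enable-GpoLoopback {
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [string] $TargetOu,
        [ValidateSet('Merge', 'Replace')] [string] $Mode = 'Merge'
    )
    # Step 1: open the policy (create it if it does not exist yet).
    if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
        New-GPO -Name $GpoName | Out-Null
    }
    # Steps 2-3: enable loopback in the requested mode.
    Set-GPRegistryValue -Name $GpoName -Key $LoopbackKey -ValueName $LoopbackName `
        -Type DWord -Value $Modes[$Mode] | Out-Null
    # Link the GPO to the OU that holds the servers, unless it is already linked.
    $links = (Get-GPInheritance -Target $TargetOu).GpoLinks
    if ($links.DisplayName -notcontains $GpoName) {
        New-GPLink -Name $GpoName -Target $TargetOu | Out-Null
    }
}

function Get-GpoLoopbackReport {
    # List every GPO in the domain that sets loopback, with its mode.
    foreach ($gpo in Get-GPO -All) {
        try {
            $v = Get-GPRegistryValue -Guid $gpo.Id -Key $LoopbackKey `
                -ValueName $LoopbackName -ErrorAction Stop
        } catch { continue }   # setting not present in this GPO
        [pscustomobject]@{
            Gpo  = $gpo.DisplayName
            Mode = ($Modes.GetEnumerator() | Where-Object Value -eq $v.Value).Name
        }
    }
}

Enable-GpoLoopback -GpoName 'RDS-User-Settings' -TargetOu 'OU=Terminal Servers,DC=example,DC=com'
Get-GpoLoopbackReport | Format-Table -AutoSize
```

Run it from a machine with the Group Policy management tools installed, under an account allowed to create and link GPOs.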

Bonus Tips:

  1. Never put a group policy in the root of the domain. Only the Default Domain Policy should live there.
  2. Don’t modify the Default Domain or Domain Controller policy
  3. Disable unused Computer or User Configurations to speed up processing
  4. Try not to use Enforced and Block Inheritance if you can help it.
  5. Try using ‘gpresult /r’ in CMD if you want to see the GPO processing on the local machine.
  6. Alternatively, type ‘gpresult /h c:\textfile.html’ (be sure you are in an elevated prompt), then open the file in your web browser.

Cheers!

Hope this helps someone. 😀