Or, How to enable
Group Policy Loopback Processing for a Group Policy Object?
Or, In what
situation, you should think of using Group Policy Loopback Processing?
Descriptions:
Guys, Group Policy Loopback Processing is one of the cool
feature of Active Directory Group Policy Management but you must be conscious
and understand it very well while playing with this feature. Please note that
Group Policy Loopback Processing is only supported in Active Directory
Environment. There may be some case where you may need to apply a User Based
Policy on Computers OU or a Computer based policy on Users OU.
In this kind of scenario, you can use Group Policy Loopback
Processing to achieve your goals.
How to enable Group
Policy Loopback Processing for a GPO?
Steps: Open Group
Policy Management Console (gpmc.msc)
> Locate the GPO on which you want to enable “Group Policy Loopback
Processing” > Right Click on the GPO and Select Edit > Navigate to Computer
Configuration\Policies\Administrative Templates\System\Group Policy > Select
Configure User Group Policy Loopback
Processing Mode and Open it.
Select Enable >
Now Choose the options as per your requirement “Merge” or “Replace” >
Click OK.
Note: if you are not sure choosing replace mode, you may go ahead with Merge option. Make sure you understand the risk before applying these settings to any production GPO.
Understanding Merge
and Replace Modes in Group Policy Loopback Processing.
Merge Mode
In this mode, when the user logon process initiated, the user's list of GPO is gathered by using the function GetGPOList. The GetGPOList function is then processed by using the computer's location based OUs in AD.
In this mode, when the user logon process initiated, the user's list of GPO is gathered by using the function GetGPOList. The GetGPOList function is then processed by using the computer's location based OUs in AD.
Replace Mode
In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.
In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.
There are some good stuffs related to this concept written
well on MS TechNet. You may refer the below TechNet article for more.