Loopback policy partly applied after restart. GPUPDATE /FO..

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Mike Schmeitz" <MikeSchmeitz@discussions.microsoft.com> wrote in message
news:14284BBA-7FAD-4D4A-8241-C4EC7A59D373@microsoft.com...
> Hi,
>
> Win2k AD with loopback policy for XP clients. All policy's are applied
> except 1. The loopback policy. Policy is applied for user settings, but is
> NOT applied for computer.

Loopback is only about Users.

It loops back through all the policies for the USER as
if the user were in the same Domain and OUs as the
computer.

> gpresult does not show the loopback GPO.

What the heck is a "loopback GPO"?

Loopback applies ordinary GPOs (to the user) which are
linked to the containers of the computer.

> Restarted system several times with
> same result. After running the "gpupdate /force" the loopback GPO also
showed
> in computer settings.
>
> Any idea how to activate the policy automatically, or what stops the
policy
> being active after restart?



--
Herb Martin


>
> Gr,
> Mike Schmeitz

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hmm I don't quite understand you here. You turn on the loopback GPO
setting when you want all GP settings applied to an OU that contains a
computer<s> where no matter who logs onto that computer they all
receive hose settings.
For instance in our company we have a couple of citrix/win2k serv
servers where we have a group policy set on the OU that contains their
citrix servers. In fact they are the only objects in that OU. That
group policy has loopback processing enabled (replace mode) and a whole
raft of other settings. What the loopback settings tells active
directory is that "whoever logs on to these servers they will receive
all the settings that are set in this group policy".
This means that we know whoever logs onto these servers they will
receive everthing that is set in the group policy regardless of user
group or whatever.
Another way you can do this is just don't use the loopback setting and
move all the users for who you want a particular GP to apply into an OU
and link the GP to that OU. However we can't do that in our setup which
is why loopback processing is a great solution - MS using their brains
for once.
Does this help?
When you say all policies are defined except the loopback
policy.....well that's fine isnt it?

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thnx for the contribution

Problem was time-sync. It works now

"erectmember@gmail.com" wrote:

> Hmm I don't quite understand you here. You turn on the loopback GPO
> setting when you want all GP settings applied to an OU that contains a
> computer<s> where no matter who logs onto that computer they all
> receive hose settings.
> For instance in our company we have a couple of citrix/win2k serv
> servers where we have a group policy set on the OU that contains their
> citrix servers. In fact they are the only objects in that OU. That
> group policy has loopback processing enabled (replace mode) and a whole
> raft of other settings. What the loopback settings tells active
> directory is that "whoever logs on to these servers they will receive
> all the settings that are set in this group policy".
> This means that we know whoever logs onto these servers they will
> receive everthing that is set in the group policy regardless of user
> group or whatever.
> Another way you can do this is just don't use the loopback setting and
> move all the users for who you want a particular GP to apply into an OU
> and link the GP to that OU. However we can't do that in our setup which
> is why loopback processing is a great solution - MS using their brains
> for once.
> Does this help?
> When you say all policies are defined except the loopback
> policy.....well that's fine isnt it?
>
>