Loopback policy partly applied after restart. GPUPDATE /FO..

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

Win2k AD with loopback policy for XP clients. All policy's are applied
except 1. The loopback policy. Policy is applied for user settings, but is
NOT applied for computer.

gpresult does not show the loopback GPO. Restarted system several times with
same result. After running the "gpupdate /force" the loopback GPO also showed
in computer settings.

Any idea how to activate the policy automatically, or what stops the policy
being active after restart?

Gr,
Mike Schmeitz
3 answers Last reply
More about loopback policy partly applied restart gpupdate
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Mike Schmeitz" <MikeSchmeitz@discussions.microsoft.com> wrote in message
    news:14284BBA-7FAD-4D4A-8241-C4EC7A59D373@microsoft.com...
    > Hi,
    >
    > Win2k AD with loopback policy for XP clients. All policy's are applied
    > except 1. The loopback policy. Policy is applied for user settings, but is
    > NOT applied for computer.

    Loopback is only about Users.

    It loops back through all the policies for the USER as
    if the user were in the same Domain and OUs as the
    computer.

    > gpresult does not show the loopback GPO.

    What the heck is a "loopback GPO"?

    Loopback applies ordinary GPOs (to the user) which are
    linked to the containers of the computer.

    > Restarted system several times with
    > same result. After running the "gpupdate /force" the loopback GPO also
    showed
    > in computer settings.
    >
    > Any idea how to activate the policy automatically, or what stops the
    policy
    > being active after restart?


    --
    Herb Martin


    >
    > Gr,
    > Mike Schmeitz
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hmm I don't quite understand you here. You turn on the loopback GPO
    setting when you want all GP settings applied to an OU that contains a
    computer<s> where no matter who logs onto that computer they all
    receive hose settings.
    For instance in our company we have a couple of citrix/win2k serv
    servers where we have a group policy set on the OU that contains their
    citrix servers. In fact they are the only objects in that OU. That
    group policy has loopback processing enabled (replace mode) and a whole
    raft of other settings. What the loopback settings tells active
    directory is that "whoever logs on to these servers they will receive
    all the settings that are set in this group policy".
    This means that we know whoever logs onto these servers they will
    receive everthing that is set in the group policy regardless of user
    group or whatever.
    Another way you can do this is just don't use the loopback setting and
    move all the users for who you want a particular GP to apply into an OU
    and link the GP to that OU. However we can't do that in our setup which
    is why loopback processing is a great solution - MS using their brains
    for once.
    Does this help?
    When you say all policies are defined except the loopback
    policy.....well that's fine isnt it?
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thnx for the contribution

    Problem was time-sync. It works now

    "erectmember@gmail.com" wrote:

    > Hmm I don't quite understand you here. You turn on the loopback GPO
    > setting when you want all GP settings applied to an OU that contains a
    > computer<s> where no matter who logs onto that computer they all
    > receive hose settings.
    > For instance in our company we have a couple of citrix/win2k serv
    > servers where we have a group policy set on the OU that contains their
    > citrix servers. In fact they are the only objects in that OU. That
    > group policy has loopback processing enabled (replace mode) and a whole
    > raft of other settings. What the loopback settings tells active
    > directory is that "whoever logs on to these servers they will receive
    > all the settings that are set in this group policy".
    > This means that we know whoever logs onto these servers they will
    > receive everthing that is set in the group policy regardless of user
    > group or whatever.
    > Another way you can do this is just don't use the loopback setting and
    > move all the users for who you want a particular GP to apply into an OU
    > and link the GP to that OU. However we can't do that in our setup which
    > is why loopback processing is a great solution - MS using their brains
    > for once.
    > Does this help?
    > When you say all policies are defined except the loopback
    > policy.....well that's fine isnt it?
    >
    >
Ask a new question

Read More

Policy Computers Active Directory Windows