Windows Server troubleshooting
Loopback processing of Group Policy
Normal user Group Policy processing specifies that computers located in their organizational unit have the GPOs applied in order during computer startup. Users in their organizational unit have GPOs applied in order during logon, regardless of which computer they log on to.
This processing order may not be appropriate in some cases, for example when you don’t want applications that have been assigned or published to the users in their organizational unit to be installed when the user is logged on to a computer in a specific organizational unit. With the Group Policy loopback support feature, you can specify two other ways to retrieve the list of GPOs for any user of the computers in this specific organizational unit:
- Merge Mode: In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. It causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list.
- Replace Mode: In this mode, the user’s list of GPOs isn’t gathered. Only the list of GPOs based on the computer object is used.
Locate Administrative Templates, select System, select Group Policy, and then enable the Loopback Policy option.
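The following added example (not part of the original article and not Microsoft code) models how the user's GPO list is built in normal processing, Merge Mode and Replace Mode, and which GPO wins each conflicting setting. The GPO names and settings are constructed sample data, and "later in the list overwrites earlier" is the precedence rule the Merge Mode description above relies on.

```python
# Constructed sample data: GPOs found from the user's and the computer's
# location in Active Directory, lowest precedence first.
USER_GPOS = ["Staff-Baseline", "Staff-Apps"]
COMPUTER_GPOS = ["Kiosk-Lockdown"]

# User-configuration settings carried by each GPO (hypothetical names).
GPO_SETTINGS = {
    "Staff-Baseline": {"ControlPanel": "allowed", "ScreenSaverTimeout": 900},
    "Staff-Apps": {"AssignedApp:Office": "install"},
    "Kiosk-Lockdown": {"ControlPanel": "blocked", "ScreenSaverTimeout": 120},
}


def user_gpo_list(user_gpos, computer_gpos, mode="normal"):
    """Return the GPOs used for user settings, in application order."""
    if mode == "normal":
        return list(user_gpos)
    if mode == "merge":
        # The computer's list is appended, so it is applied last and wins.
        return list(user_gpos) + list(computer_gpos)
    if mode == "replace":
        # The user's list is not gathered at all.
        return list(computer_gpos)
    raise ValueError(f"unknown loopback mode: {mode!r}")


def effective_user_settings(gpo_order, gpo_settings):
    """Apply GPOs in order; a later GPO overwrites an earlier one per setting."""
    result = {}
    for gpo in gpo_order:
        for setting, value in gpo_settings.get(gpo, {}).items():
            result[setting] = (value, gpo)  # keep the winning GPO for auditing
    return result


def compare_modes():
    """Effective user settings on the sample computer for each mode."""
    return {
        mode: effective_user_settings(
            user_gpo_list(USER_GPOS, COMPUTER_GPOS, mode), GPO_SETTINGS)
        for mode in ("normal", "merge", "replace")
    }


if __name__ == "__main__":
    for mode, settings in compare_modes().items():
        print(mode)
        for name, (value, source) in sorted(settings.items()):
            print(f"  {name} = {value}  (from {source})")
```

In this model Merge Mode overrides the conflicting settings but still leaves the user's assigned application in place; only Replace Mode removes it.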