GPO : Loopback Processing

Windows Server 2012R2  Windows Server 2016  Windows Server 2019

In this tutorial, I will try to present to you simply the functioning of Loopback Processing in GPOs.

It quickly becomes a headache when we have a mixed environment with local users, RDS users and mobile users to apply Group Policy settings depending on the computer where the user logs on.

The recall loops at the policy level will allow user parameters to be applied to an organizational unit in which computers are located and therefore to personalize the user’s parameters according to the computer where the latter opens his session.

Context and issues

To illustrate this article, I will assume that I have a company with two sites 30 km apart and that HR has a fixed position on each site and MTW work on site A and TF on site B .

Each site has two servers:

  • An Active Directory
  • A file server with folders replicated using the DFS service.

When HR connects to an extension, its redirected documents and office must point to the right server. If we apply the GPO at user level, it will always point to the same server. Knowing that a user cannot be present in several OUs.

Solution: loopback processing

Before starting GPOs, the Active Directory should be organized as follows or something close to it. Site A and B computers must be in units of different organizations.

Arbo AD

To apply the document redirection in the right place we will put the policy on the OU where the computers are located.

The callback loop will allow us to apply the user settings of the GPO in a computer or there.

1. Create a group policy (GPO) linked to the organizational unit (OU) where the computers are located. Edit the Configure loopback processing mode setting for User Group Policy located in Computer Configuration \ Policies \ Administrative Templates \ System \ Group Policy. Activate the parameter and choose the Replace mode.

2. If strategies are already present, it must be ensured that the GPO which will apply the loopback processing is placed in the first position or before any strategies which applies user parameters.

3. You must now create the folder redirection GPOs and assign them to the OU.

GPO REDIRECTIONS DOSSIERS

With this configuration, HR will find its Office and Document files on site A and B from the local server depending on the computer where it will open its session.

This solution can also be applied for network readers and printers.

Conclusion

The application of a callback loop makes it possible to apply user parameters in an Organizational Unit which contains computers.

Callback loops are used in the following cases:

  • Applications of user policies according to the workstation where the user logs on.
  • Application of user policies on RDS servers (Remote Desktop).

Alternative solutions to illustration used:

  1. Use vbs script and play on the registry.
  2. Activate the namespace in DFS and point the redirected folders to \ mondomaine.dom \ profil \ …..
  3. Use Active Directory sites.


Related Posts


Active Directory: Add a Domain Controller to PowerShell

Table Of ContentsIntroductionPrerequisitesInstalling the ADDS role in PowerShellDomain Controller Promotion in PowerShellComplements Introduction In this tutorial, we will see how to add an Active Dir

GPO: Enabling and Configuring WinRM – Remote Management

Table Of ContentsPresentationGPO for WinRMConfiguring WinRMService configuration Presentation In this tutorial, we will have how to enable and configure remote management (WinRM - Windows Remote Manag

Publish RemoteApp 2008R2 on a Farm RDS 2012R2 / 2016/2019

Presentation In this article, I will explain how to publish RemoteApp applications from an RDS server running Windows 2008R2 on a RDS 2012,2016 or 2016 farm. Prerequisites An RDS server running Window

Scroll to Top