In this tutorial, I will try to present to you simply the functioning of Loopback Processing in GPOs.
It quickly becomes a headache when we have a mixed environment with local users, RDS users and mobile users to apply Group Policy settings depending on the computer where the user logs on.
The recall loops at the policy level will allow user parameters to be applied to an organizational unit in which computers are located and therefore to personalize the user’s parameters according to the computer where the latter opens his session.
Context and issues
To illustrate this article, I will assume that I have a company with two sites 30 km apart and that HR has a fixed position on each site and MTW work on site A and TF on site B .
Each site has two servers:
- An Active Directory
- A file server with folders replicated using the DFS service.
When HR connects to an extension, its redirected documents and office must point to the right server. If we apply the GPO at user level, it will always point to the same server. Knowing that a user cannot be present in several OUs.
Solution: loopback processing
Before starting GPOs, the Active Directory should be organized as follows or something close to it. Site A and B computers must be in units of different organizations.
To apply the document redirection in the right place we will put the policy on the OU where the computers are located.
The callback loop will allow us to apply the user settings of the GPO in a computer or there.
1. Create a group policy (GPO) linked to the organizational unit (OU) where the computers are located. Edit the Configure loopback processing mode setting for User Group Policy located in Computer Configuration \ Policies \ Administrative Templates \ System \ Group Policy. Activate the parameter and choose the Replace mode.
2. If strategies are already present, it must be ensured that the GPO which will apply the loopback processing is placed in the first position or before any strategies which applies user parameters.
3. You must now create the folder redirection GPOs and assign them to the OU.
With this configuration, HR will find its Office and Document files on site A and B from the local server depending on the computer where it will open its session.
This solution can also be applied for network readers and printers.
The application of a callback loop makes it possible to apply user parameters in an Organizational Unit which contains computers.
Callback loops are used in the following cases:
- Applications of user policies according to the workstation where the user logs on.
- Application of user policies on RDS servers (Remote Desktop).
Alternative solutions to illustration used:
- Use vbs script and play on the registry.
- Activate the namespace in DFS and point the redirected folders to \ mondomaine.dom \ profil \ …..
- Use Active Directory sites.