GPO : Loopback Processing

In this tutorial, I will try to simply introduce you to how reminder loops work in GPOs.

It quickly becomes a joke when we have a mixed environment with local users, RDS users and mobile users.

Context

To illustrate this article, I am going to assume that I have a company with two remote sites of about thirty kilometers and that the HR has a fixed position on each site and 3 days work on site A and 2 days on site B .

Each site has two servers:

  • An Active Directory
  • A file server with the folders replicated by using the DFS service.

Problematic

When HR connects to a post, its documents and desktop redirected must point to the right server. If you apply the GPO at the user level, it will always point to the same server. Knowing that a user can not be present in more than one OU.

Solution

Before you start GPOs, your Active Directory should be organized in the following way or something similar. The computers on site A and B must be in different organizational units.

Arbo AD

To apply the document redirection to the right place we will put the strategy on the OU where the computers are.

The callback loop will allow us to apply the GPO user settings in one OR there are computers.

1 – Create a GPO with callback loop and the linked to both OR computers.

Computer Configuration \ Policies \ Administrative Templates \ System \ Group Policy
Configure User Group Policy Loopback Processing Mode: Enabled
Mode: Replace

Verify that the GPO applies first.

2 – It is now necessary to create the 2 GPO of redirections of the files and to attribute them to the OR.

GPO REDIRECTIONS DOSSIERS

With this configuration, HR will retrieve its Desktop and Document folders on site A and B from the local server.

This solution can also be applied for drives and printers.

Conclusion

Applying a callback loop allows you to apply user settings to an Organizational Unit that contains computers.

Reminder loops are used in the following cases:

  • Applications of user policies based on the post where the user logs on.
  • Applying user policies on RDS servers.

Alternative solutions:

  1. use vbs script and play on the registry.
  2. Enabling the namespace in DFS and pointing redirected folders to \\ mydomain.dom\profiles\…..


Related Posts


How to deploy a rds farm Windows 2012R2/2016/2019
In this article, I will explain the step-by-step roll-out of a Windows 2012 R2 / 2016 RDS farm with the following features: Remote Desktop Session Host (x2) Service broker for distribution of connections Setting up a collection; Publishing RemoteApp

GPO hide drive C
Presentation In this tutorial, we'll see how to hide drive C using Group Policy (GPO). This GPO is often used to hide drives on RDS farms. Hiding the reader does not prevent access, it is possible to access the reader by the browser directly entering

SOPHOS XG: clientless access
Clientless access presentation Client-free access to Sophos XG firewalls allows connections to corporate servers without a VPN client by going directly through an internet browser as Citrix does. Clientless access configure Firewall configuration 1.

Leave a Comment