Problem getting my head around using Loopback processing in Group Policy

Posted on 2006-10-20
Medium Priority
Last Modified: 2010-03-18
We have a Group Policy that applies a screensaver Some PCs need to be excluded from having the policy applied (PCs used for presentations etc)
As the screensaver settings are in the User part of the policy I understand the Loopback Processing is the way to go but I'm not sure what steps I have to do to get it working. All of the information I have found about Loopback Processing seems to say how to turn it on but not the other steps!

The screensaver policy is currently applied at Domain level. All our computers are currently in the default Computers container (i.e. not in an OU) I am willing to move the affected PCs to a seperate OU if necessary but would prefer not to if possibly as we are in the process of planning our OU structure and these PCs may need to be in other OUs (arranged by department for example)

So, step by step, what do I need to do?

Question by:SYPTE-IT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 71

Accepted Solution

Chris Dent earned 2000 total points
ID: 17772864

Hi Tim,

Is it a Windows 2003 Domain? If so, download the Group Policy Management Console, it'll make the next steps easier.


First of all create a Security Group, you can call it what you like, but for the sake of this we'll make it "Screensaver Override". You need to add any PCs account to this group that you want to stop the Screensaver applying.

Next, create a new Group Policy, again you can call it what you like, but for the sake or argument we'll call that "Screensaver Override" as well. In here set the Screensaver policy you prefer, then it's time to enable Loopback processing:

Computer Configuration \ Administrative Templates \ System \ Group Policy
Enable: User Group Policy Loopback Processing Mode

In your case this needs to be set to Replace (as you want to override the original settings).

Almost there, in GPMC select the Policy and you should see a "Security Filtering" box. Add the "Screensaver Override" group into here, now the User policy you've set in there will only be applied to the PCs within that group.

Do you have any other policies applied to the Computer OU? If not, then that's where we need to attach this policy. You can do this when you create it from within GPMC. Don't worry if you set it in the wrong place, you can right click to unlink it and relink it in a different place.

Does that all make sense?


Author Comment

ID: 17773398
Yes, thanks
One last clarification

Authenticated Users appears by default in the Security Filtering section of the policy (I'm assuming it is a general default) I have enabled loopback on the policy and added the security group I created that contains the computers that I want the policy to apply to.
However I'm not certain whether I need to leave Authenticated Users in or take it out. From my testing I'm assuming that I leave it in but I want to be certain of this before rolling it out.

LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 2000 total points
ID: 17774216

You need to remove Authenticated Users; that's everyone in the domain.


Author Comment

ID: 17774344
I wasn't sure whether leaving Authenticated Users in would apply the policy to everyone in Authenticated Users AND to computers in the computer security group (which is what it does) or whether it would only apply to Authenticated Users when they are using the computers in the computer security group. Glad I asked.

Thansk for the help
LVL 71

Expert Comment

by:Chris Dent
ID: 17774514

Pleasure :)


Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question