Problem getting my head around using Loopback processing in Group Policy

Posted on 2006-10-20
Last Modified: 2010-03-18
We have a Group Policy that applies a screensaver Some PCs need to be excluded from having the policy applied (PCs used for presentations etc)
As the screensaver settings are in the User part of the policy I understand the Loopback Processing is the way to go but I'm not sure what steps I have to do to get it working. All of the information I have found about Loopback Processing seems to say how to turn it on but not the other steps!

The screensaver policy is currently applied at Domain level. All our computers are currently in the default Computers container (i.e. not in an OU) I am willing to move the affected PCs to a seperate OU if necessary but would prefer not to if possibly as we are in the process of planning our OU structure and these PCs may need to be in other OUs (arranged by department for example)

So, step by step, what do I need to do?

Question by:SYPTE-IT
  • 3
  • 2
LVL 71

Accepted Solution

Chris Dent earned 500 total points
ID: 17772864

Hi Tim,

Is it a Windows 2003 Domain? If so, download the Group Policy Management Console, it'll make the next steps easier.

First of all create a Security Group, you can call it what you like, but for the sake of this we'll make it "Screensaver Override". You need to add any PCs account to this group that you want to stop the Screensaver applying.

Next, create a new Group Policy, again you can call it what you like, but for the sake or argument we'll call that "Screensaver Override" as well. In here set the Screensaver policy you prefer, then it's time to enable Loopback processing:

Computer Configuration \ Administrative Templates \ System \ Group Policy
Enable: User Group Policy Loopback Processing Mode

In your case this needs to be set to Replace (as you want to override the original settings).

Almost there, in GPMC select the Policy and you should see a "Security Filtering" box. Add the "Screensaver Override" group into here, now the User policy you've set in there will only be applied to the PCs within that group.

Do you have any other policies applied to the Computer OU? If not, then that's where we need to attach this policy. You can do this when you create it from within GPMC. Don't worry if you set it in the wrong place, you can right click to unlink it and relink it in a different place.

Does that all make sense?


Author Comment

ID: 17773398
Yes, thanks
One last clarification

Authenticated Users appears by default in the Security Filtering section of the policy (I'm assuming it is a general default) I have enabled loopback on the policy and added the security group I created that contains the computers that I want the policy to apply to.
However I'm not certain whether I need to leave Authenticated Users in or take it out. From my testing I'm assuming that I leave it in but I want to be certain of this before rolling it out.

LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 17774216

You need to remove Authenticated Users; that's everyone in the domain.


Author Comment

ID: 17774344
I wasn't sure whether leaving Authenticated Users in would apply the policy to everyone in Authenticated Users AND to computers in the computer security group (which is what it does) or whether it would only apply to Authenticated Users when they are using the computers in the computer security group. Glad I asked.

Thansk for the help
LVL 71

Expert Comment

by:Chris Dent
ID: 17774514

Pleasure :)


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is this network design suitable? 3 99
Domain Share problems 5 63
How to scan rdp  ''only'' open port 3333? 5 150
Simultaneous work of Wi-Fi and LAN on Win10 laptop 4 68
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question