Problem getting my head around using Loopback processing in Group Policy

Posted on 2006-10-20
Last Modified: 2010-03-18
We have a Group Policy that applies a screensaver Some PCs need to be excluded from having the policy applied (PCs used for presentations etc)
As the screensaver settings are in the User part of the policy I understand the Loopback Processing is the way to go but I'm not sure what steps I have to do to get it working. All of the information I have found about Loopback Processing seems to say how to turn it on but not the other steps!

The screensaver policy is currently applied at Domain level. All our computers are currently in the default Computers container (i.e. not in an OU) I am willing to move the affected PCs to a seperate OU if necessary but would prefer not to if possibly as we are in the process of planning our OU structure and these PCs may need to be in other OUs (arranged by department for example)

So, step by step, what do I need to do?

Question by:SYPTE-IT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 71

Accepted Solution

Chris Dent earned 500 total points
ID: 17772864

Hi Tim,

Is it a Windows 2003 Domain? If so, download the Group Policy Management Console, it'll make the next steps easier.

First of all create a Security Group, you can call it what you like, but for the sake of this we'll make it "Screensaver Override". You need to add any PCs account to this group that you want to stop the Screensaver applying.

Next, create a new Group Policy, again you can call it what you like, but for the sake or argument we'll call that "Screensaver Override" as well. In here set the Screensaver policy you prefer, then it's time to enable Loopback processing:

Computer Configuration \ Administrative Templates \ System \ Group Policy
Enable: User Group Policy Loopback Processing Mode

In your case this needs to be set to Replace (as you want to override the original settings).

Almost there, in GPMC select the Policy and you should see a "Security Filtering" box. Add the "Screensaver Override" group into here, now the User policy you've set in there will only be applied to the PCs within that group.

Do you have any other policies applied to the Computer OU? If not, then that's where we need to attach this policy. You can do this when you create it from within GPMC. Don't worry if you set it in the wrong place, you can right click to unlink it and relink it in a different place.

Does that all make sense?


Author Comment

ID: 17773398
Yes, thanks
One last clarification

Authenticated Users appears by default in the Security Filtering section of the policy (I'm assuming it is a general default) I have enabled loopback on the policy and added the security group I created that contains the computers that I want the policy to apply to.
However I'm not certain whether I need to leave Authenticated Users in or take it out. From my testing I'm assuming that I leave it in but I want to be certain of this before rolling it out.

LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 17774216

You need to remove Authenticated Users; that's everyone in the domain.


Author Comment

ID: 17774344
I wasn't sure whether leaving Authenticated Users in would apply the policy to everyone in Authenticated Users AND to computers in the computer security group (which is what it does) or whether it would only apply to Authenticated Users when they are using the computers in the computer security group. Glad I asked.

Thansk for the help
LVL 71

Expert Comment

by:Chris Dent
ID: 17774514

Pleasure :)


Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Select which programs use which internet connection 15 84
Windows Update Isn't working 41 208
BGP routing on Windows 2016 7 160
New IP's needed ASAP 6 81
This article is in response to a question ( here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Resolve DNS query failed errors for Exchange
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question