Problem getting my head around using Loopback processing in Group Policy

Posted on 2006-10-20
Last Modified: 2010-03-18
We have a Group Policy that applies a screensaver Some PCs need to be excluded from having the policy applied (PCs used for presentations etc)
As the screensaver settings are in the User part of the policy I understand the Loopback Processing is the way to go but I'm not sure what steps I have to do to get it working. All of the information I have found about Loopback Processing seems to say how to turn it on but not the other steps!

The screensaver policy is currently applied at Domain level. All our computers are currently in the default Computers container (i.e. not in an OU) I am willing to move the affected PCs to a seperate OU if necessary but would prefer not to if possibly as we are in the process of planning our OU structure and these PCs may need to be in other OUs (arranged by department for example)

So, step by step, what do I need to do?

Question by:SYPTE-IT
  • 3
  • 2
LVL 70

Accepted Solution

Chris Dent earned 500 total points
ID: 17772864

Hi Tim,

Is it a Windows 2003 Domain? If so, download the Group Policy Management Console, it'll make the next steps easier.

First of all create a Security Group, you can call it what you like, but for the sake of this we'll make it "Screensaver Override". You need to add any PCs account to this group that you want to stop the Screensaver applying.

Next, create a new Group Policy, again you can call it what you like, but for the sake or argument we'll call that "Screensaver Override" as well. In here set the Screensaver policy you prefer, then it's time to enable Loopback processing:

Computer Configuration \ Administrative Templates \ System \ Group Policy
Enable: User Group Policy Loopback Processing Mode

In your case this needs to be set to Replace (as you want to override the original settings).

Almost there, in GPMC select the Policy and you should see a "Security Filtering" box. Add the "Screensaver Override" group into here, now the User policy you've set in there will only be applied to the PCs within that group.

Do you have any other policies applied to the Computer OU? If not, then that's where we need to attach this policy. You can do this when you create it from within GPMC. Don't worry if you set it in the wrong place, you can right click to unlink it and relink it in a different place.

Does that all make sense?


Author Comment

ID: 17773398
Yes, thanks
One last clarification

Authenticated Users appears by default in the Security Filtering section of the policy (I'm assuming it is a general default) I have enabled loopback on the policy and added the security group I created that contains the computers that I want the policy to apply to.
However I'm not certain whether I need to leave Authenticated Users in or take it out. From my testing I'm assuming that I leave it in but I want to be certain of this before rolling it out.

LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 17774216

You need to remove Authenticated Users; that's everyone in the domain.


Author Comment

ID: 17774344
I wasn't sure whether leaving Authenticated Users in would apply the policy to everyone in Authenticated Users AND to computers in the computer security group (which is what it does) or whether it would only apply to Authenticated Users when they are using the computers in the computer security group. Glad I asked.

Thansk for the help
LVL 70

Expert Comment

by:Chris Dent
ID: 17774514

Pleasure :)


Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
This article is in response to a question ( here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: (…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now