Solved

Loopback for GPO folder preferences?

Posted on 2011-03-03
11
523 Views
Last Modified: 2012-05-11
Is there a way to assign loopback settings to GPO folder preferences?  We have 2 folders created at login, and it seems they need to be part of the Users section to allow the "Run in user's security context" option.  However, some users don't always login to the machines that need these folders, so the event log generates 2 warnings whenever they login to machines outside the scope of this setting.

I assume a loopback which disables this folder creation would be appropriate, but I can't figure out how to do that?
0
Comment
Question by:sbumpas
  • 5
  • 5
11 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35030995
I think you are refering to loopback processing, this can be applied as per this article: http://support.microsoft.com/kb/231287
0
 

Author Comment

by:sbumpas
ID: 35031069
Correct - but how do I create a loopback GPO for folder creation?  because the folders are typed in, not enabled/disabled/not configured like your average GPO setting.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35031104
I am not sure I understand your question?

The loopback processing ensures that settings that are applied to the computer section of the GPO are applied to the users instead. (or that's the simple terms).
0
 

Author Comment

by:sbumpas
ID: 35031128
Maybe I don't understand loopbacks, then.  My impression was that loopback settings could be used to overwrite portions of a GPO, for an object in an OU, that would otherwise receive it's settings from a higher OU or AD group.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35031142
No, you can block inheritence or no override.

This is very different from loopback processing.

You can also add a group of users to the security tab of the Group Policy and specify Deny on the "Apply Policy" setting.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:sbumpas
ID: 35031243
I'm even confusing myself now - let me rephrase:

In a user-based GPO, I have 2 folder preferences (Prefs -> Windows Setting -> Folders).  Each of these preferences creates a folder for all users in the GPO.  How can I deny this preference when the user logs in to Computer Y or Z, but continue to allow it on Computers A-X?  Y-Z are in a different OU than A-X.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35031256
where are you applying the policies?
0
 

Author Comment

by:sbumpas
ID: 35031267
They are user policies on an OU containing only users.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35031309
You need to apply the policies at the computer OU's rather than the user OU's and enable loopback processing as per my first link.
0
 
LVL 11

Expert Comment

by:yelbaglf
ID: 35031433
Loopback policy processing can get tricky...

If your PC's that need the folders and the PC's that do NOT are in different OU's, then you might can do this by basically combining/duplicating the GPO's you need for users.  Then apply this duplicated GPO to the OU that contains the PC's that do NOT need the folders.  Of course in this duplicated GPO, you'll want to use the 'Replace' loopback policy option, along with NOT using the group policy that creates the folders.

I'm thinking out loud here, but if thinking correctly, then this would work IF your login script is NOT set in the user's AD properties.  In other words, if it is set with group policy, then 'Replace' will do just that.

Something to note is that network drive and printer mappings ignore this setting as they always use the user context.  As, for literally just creating a folder, you could script something, which might be easier?
0
 

Author Closing Comment

by:sbumpas
ID: 35037607
It appears my understanding of loopback policies was actually the problem here.  Thanks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now