I have a workstations OU with approx. 200 computers in it. Out of those 200 computers, I have 5 that, when logged into by any user, need to have the screensaver exempted. I have built a security group and added the 5 workstations that need the screensaver exempt policy to the group. I then created a GPO, enabling Loopback, Replace Mode, configured USER settings and applied the security group in the Security Filtering with AGP and Read access. Do I remove Authenticated Users? I've tried both ways. When I removed authenticated users, no one gets the policy. When I leave authenticated users, then everyone who logs into any of the computers in the Workstations OU gets the screensaver exempt policy, not just the 5 that are supposed to. If anyone could give me the correct steps to complete to get this GPO to work, I'd really appreciate it.
Software/Hardware used:
Windows 2003, Vista and XP
ASKED:
September 15, 2009 7:41 PM
UPDATED:
September 16, 2009 9:04 PM
When you use loopback like this, the policy restrictions are all based on the machine, not the user. Filtration must be made at the machine level. Use either a separate OU or a machine group to filter which machines have this special policy applied.
When you filter, you want everyone to be able to read the policy but only machines that are members of the group to apply the policy. So check the SCOPE | SECURITY FILTERING and ensure only the filtering group is in there.
Finally, the order in which the policies apply is important. Watch for that as a potential issue.
I already had a security group built containing just the affected computers with AGP & Read permissions, but I think my mistake was that I also had “authenticated” users in the SCOPE/SECURITY FILTERING with those same permissions. I went in and changed “authenticated” users to Read ONLY, which made them disappear from the SCOPE/SECURITY FILTERING. I will try this and see if it works. Thank you.
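
The permission layout discussed in this thread (Authenticated Users with Read only, the machine group with Read and Apply Group Policy) can be set and then audited from PowerShell. This is an added example, not part of the original posts; the GPO name and group name are assumptions, and it needs the GroupPolicy module that ships with GPMC/RSAT on Windows 7 / Server 2008 R2 or later.

```powershell
Import-Module GroupPolicy

# Assumed names, not taken from the thread: substitute your own GPO and group.
$GpoName = 'Screensaver Exempt'
$Group   = 'Screensaver-Exempt-PCs'

# Demote Authenticated Users from Apply to Read only. -Replace is required:
# without it Set-GPPermission will not lower an existing permission level.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Grant Read + Apply Group Policy to the group holding the 5 workstations.
Set-GPPermission -Name $GpoName -TargetName $Group `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Audit: every trustee with an allowed GpoApply entry is what GPMC lists
# under Scope > Security Filtering.
$appliers = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied }

Write-Output "Trustees that will apply '$GpoName':"
$appliers | ForEach-Object { '  {0}\{1}' -f $_.Trustee.Domain, $_.Trustee.Name }

# Flag anything other than the intended group, since a leftover Apply entry
# is what makes the policy reach every machine in the OU.
$unexpected = $appliers | Where-Object { $_.Trustee.Name -ne $Group }
if ($unexpected) {
    $names = ($unexpected | ForEach-Object { $_.Trustee.Name }) -join ', '
    Write-Warning "Unexpected trustees with Apply: $names"
}
```

To confirm the result, run `gpupdate /force` and then `gpresult` on one of the 5 workstations and on one workstation outside the group, and compare which GPOs each reports as applied and as filtered out.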