Loopback Processing
Home > IT Answers > Microsoft Windows > Loopback Processing
Dlr
15 pts.
0
Q:
Loopback Processing
Group Policy, Active Directory, Windows Server 2003
I have a workstations OU with approx. 200 computers in it. Out of those 200 computers, I have 5 of them that when logged into by any user needs to have the screensaver exempted. I have built a security group, added the 5 workstations to the group that needs the screensaver exempt policy. I then created a GPO, enabling Loopback, Replace Mode, configured USER settings and applied the security group in the Security Filtering with AGP and Read access. Do I remove Authenticated Users? I've tried both ways. When I removed authenticated users, no one gets the policy. When I leave authenticated users, then everyone who logs into any of the computers in the Workstations OU gets the screensaver exempt policy, not just the 5 that are suppose to. If anyone could give me the correct steps to complete to get this GPO to work, I'd really apprecitate it.

Software/Hardware used:
Windows 2003, Vista and XP
ASKED: Sep 15 2009  7:41 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
Mshen
23505 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
You need to move those 5 computers to another OU in active directory. Then link the GPO to the OU. That will cause the GPO to apply for only those 5 computers.

---------------------------------------------

First You must remove the old secuirty group (GPO) or . then used this step, and first move those 5 computer to new OU at last establish the approx policy thats you need.
Last Answered: Sep 16 2009  9:04 PM GMT by Mshen   23505 pts.
Latest Contributors: Bbb   700 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Pjb0222   1110 pts.  |   Sep 16 2009  7:36PM GMT

When you use loopback like this, the policy restrictions are all based on the machine, not the user. Filtration must be made at the machnine level. Use either a separate OU or a machine group to filter which machine have this special policy applied.

When you filter, you want everyone to be able to read the policy but only machines that are members of the group to apply the policy. So check the SCOPE | SECURITY FILTERING and ensure only the filtering group is in there.

Finally, the order the policies applies is important. Watch for that as a potential issue.

 

Dlr   15 pts.  |   Sep 16 2009  8:25PM GMT

I already had a security group built containing just the effected computers with AGP & Read permissions, but I think where my mistake was, is that I also had “authenticated” users in the SCOPE/SECURITY FILTERING with those same permissions. I went in and changed “authenticated” users to Read ONLY, which made them disappear from the SCOPE/SECURITY FILTERING. I will try this and see if it works. Thank You.

 
0