Loopback Processing

15 pts.
Active Directory
Group Policy
Microsoft Windows Server 2003
I have a workstations OU with approx. 200 computers in it. Out of those 200 computers, I have 5 of them that when logged into by any user needs to have the screensaver exempted. I have built a security group, added the 5 workstations to the group that needs the screensaver exempt policy. I then created a GPO, enabling Loopback, Replace Mode, configured USER settings and applied the security group in the Security Filtering with AGP and Read access. Do I remove Authenticated Users? I've tried both ways. When I removed authenticated users, no one gets the policy. When I leave authenticated users, then everyone who logs into any of the computers in the Workstations OU gets the screensaver exempt policy, not just the 5 that are suppose to. If anyone could give me the correct steps to complete to get this GPO to work, I'd really apprecitate it.

Software/Hardware used:
Windows 2003, Vista and XP

Answer Wiki

Thanks. We'll let you know when a new response is added.

You need to move those 5 computers to another OU in active directory. Then link the GPO to the OU. That will cause the GPO to apply for only those 5 computers.


First You must remove the old secuirty group (GPO) or . then used this step, and first move those 5 computer to new OU at last establish the approx policy thats you need.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Pjb0222
    When you use loopback like this, the policy restrictions are all based on the machine, not the user. Filtration must be made at the machnine level. Use either a separate OU or a machine group to filter which machine have this special policy applied. When you filter, you want everyone to be able to read the policy but only machines that are members of the group to apply the policy. So check the SCOPE | SECURITY FILTERING and ensure only the filtering group is in there. Finally, the order the policies applies is important. Watch for that as a potential issue.
    3,310 pointsBadges:
  • Dlr
    I already had a security group built containing just the effected computers with AGP & Read permissions, but I think where my mistake was, is that I also had "authenticated" users in the SCOPE/SECURITY FILTERING with those same permissions. I went in and changed "authenticated" users to Read ONLY, which made them disappear from the SCOPE/SECURITY FILTERING. I will try this and see if it works. Thank You.
    15 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: