+ Reply to Thread
Results 1 to 10 of 10
  1. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #1

    Default Group Policy Loopback Processing

    I like to think I know a lot about Group Policy, but every now and then I come across something cool that I never knew existed. If you haven't heard about it, I'll introduce you to Group Policy Loopback processing.

    First, some history. We set our screen saver timeout in a GPO applied to an OU above all our user accounts and, for the most part, everyone is happy with the setting. The trouble is, we have PCs in our conference rooms that are used for demonstrations and it would be nice to have a longer timeout value on those PCs. A request was made to increase the timeout value, and another admin changed the value - a USER setting - on the GPO linked to the conference room PC OU. Unfortunately that didn't change anything and the users complained again. The other admin came to me for an explanation and I said that since the user accounts are not in the Conference Room OU, they won't get that setting (which is mostly true). I implemented a workaround - using Server 2008 Group Policy Preferences - where I edited the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and added the value ScreenSaverGracePeriod which I set to 15 (which I picked up from the Windows Registry Guide). This gives the users 15 seconds to move the mouse before the screen saver locks and they have to put in a password. The users accepted this compromise and we moved on.

    This weekend I was reading a few chapters out of the Server 2008 Terminal Services Resource Kit while reviewing for my upcoming 70-649 exam and there is an in-depth explanation on Group Policy Loopback processing mode. It turns out that you can apply User settings even if the user is not in the linked OU by enabling User Group Policy loopback processing mode in Computer\admin templates\system\Group Policy. I just finished reading the Server 2008 Group Policy Resource Kit and I didn't remember loopback processing being mentioned at all. I checked, and it's only mentioned in the troubleshooting section as an event log entry, but there is never a mention as to what it actually does.

    I came in this morning, changed a test GPO to enable loopback processing in merge mode (so that it will only change the screensaver entry and not delete all the other user settings) and adjusted the screensaver timeout. I logged in with a regular account to a test PC and the screensaver timeout reflected the computer OU GPO setting instead of the user's normal setting, and there was much rejoicing.

    Why haven't I heard about this setting before? The GP Management Editor says it requires at least Windows 2000, so it has been around since the dawn of GPOs. Why isn't it mentioned in the Group Policy Resource Kit? I can understand why it is in the Terminal Services Resource Kit becasue this setting can be really handy in a TS environment. Is anyone else using different loopback processing modes?
    Reply With Quote Quote  

  2. SS -->
  3. Pissed
    Join Date
    May 2007
    Location
    Denver
    Posts
    372

    Certifications
    A+; Network+; MCSE: 2k3; MCTS; CCNA; VCP4, VCP5
    #2

    Default Re: Group Policy Loopback Processing

    Quote Originally Posted by Claymoore
    Why haven't I heard about this setting before? The GP Management Editor says it requires at least Windows 2000, so it has been around since the dawn of GPOs. Why isn't it mentioned in the Group Policy Resource Kit? I can understand why it is in the Terminal Services Resource Kit becasue this setting can be really handy in a TS environment. Is anyone else using different loopback processing modes?
    Are you sure you read the material required for passing 70-294? I got my face smashed in about it reading the Sybex book. It was also on the Transcender practice test.
    Reply With Quote Quote  

  4. Self-Described Huguenot blargoe's Avatar
    Join Date
    Nov 2005
    Location
    NC
    Posts
    4,088

    Certifications
    VCAP5-DCA; VCP 3/4/5/6 (DCV); EMCSA:CLARiiON; Linux+; MCSE:M 2000/2003; MCSE:S 2000/2003; MCTS:Exch2007; Security+; A+; CCNA (expired)
    #3
    I've never needed to use it but I think I had like one question about it on an exam. I'm sure I'd have to review how to use it if I needed to deploy it.
    IT guy since 12/00

    Recent: 3/22/2017 - Passed Microsoft 70-412; 2/11/2017 - Completed VCP6-DCV (passed 2V0-621)
    Working on: MCSA 2012 upgrade from 2003 (to heck with 2008!!), more Linux, AWS Solution Architect (Associate)
    Thinking about: VCP6-CMA, MCSA 2016, Python, VCAP6-DCD (for completing VCIX)
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #4
    It was covered thoroughly in my study materials and 294 exam as well. Claymore, did you take this exam, or did you take an upgrade route? I know you know your stuff, so it's surprising you haven't come across this before.
    Reply With Quote Quote  

  6. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #5

    Default Re: Group Policy Loopback Processing

    Quote Originally Posted by aordal
    Are you sure you read the material required for passing 70-294? I got my face smashed in about it reading the Sybex book. It was also on the Transcender practice test.
    I read all the material that I required to pass the exam, but I spent maybe 2 evenings studying for 294. I don't recall any questions about group policy loopback processing on the actual exam, but I probably missed them if there were any...

    http://www.techexams.net/forums/viewtopic.php?t=29503

    I am just disappointed that loopback processing isn't mentioned in the Group Policy Resource Kit. If you weren't studying for the exam and were just trying to learn about group policy would you even pick up a Sybex study guide? I certainly wouldn't buy Trancenders. I guess this shows the value of getting your real-world information and your certification material from multiple sources. You never know where you might pick up some useful information.
    Reply With Quote Quote  

  7. Pissed
    Join Date
    May 2007
    Location
    Denver
    Posts
    372

    Certifications
    A+; Network+; MCSE: 2k3; MCTS; CCNA; VCP4, VCP5
    #6
    The 2 most common situations you'll see this used is for Terminal Servers and for Public computers that are part of the domain. Fun stuff.
    Reply With Quote Quote  

  8. Nidhoggr, the Net Serpent Claymoore's Avatar
    Join Date
    Nov 2007
    Location
    FL
    Posts
    1,622

    Certifications
    AWS Architect, MCSEx3, MCITPx6, MCTSx17
    #7
    Quote Originally Posted by dynamik
    It was covered thoroughly in my study materials and 294 exam as well. Claymore, did you take this exam, or did you take an upgrade route? I know you know your stuff, so it's surprising you haven't come across this before.
    I was surprised too. But now everyone knows about loopback processing so there is no excuse for missing those questions on the exam!

    Now I'm wondering what else I missed out on by blowing off the 294 exam...
    Reply With Quote Quote  

  9. Virtual Member undomiel's Avatar
    Join Date
    Sep 2007
    Location
    Bellevue, WA
    Posts
    2,813

    Certifications
    MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+
    #8
    Back when I was doing my MCSE I had read about loopback processing and had a vague idea that it had something to do with reapplying group policy or some such but didn't understand it at all. When I took the exam I would pick loopback whenever everything else didn't make sense. Still didn't click about how it really works though. Then I had this one phone interview where I was doing great until the guy asked about something related to loopback processing. My mind completely blanked and it showed and he pretty much grilled me over and over until he was sure that I didn't know what it was. My was that embarrassing! But immediately after that interview I jumped into technet, read through the documentation, and it clicked that time. Then at the last job I got to use it for pretty much almost the exact situation as claymoore described. Interestingly enough no one else at that job understood how it worked either and as far as I know they still don't understand. Probably because it isn't commonly used.
    Reply With Quote Quote  

  10. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #9
    I still think my thread makes sense.

    http://www.techexams.net/forums/viewtopic.php?t=27743
    Reply With Quote Quote  

  11. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #10
    We have had several discussions on Loopback Processing here on TE in the past.

    http://www.techexams.net/forums/viewtopic.php?t=22116

    http://www.techexams.net/forums/viewtopic.php?t=21873

    There's more but most basically have the same questions/answers.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks