Re: LoopBack policy
- From: "Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx>
- Date: Tue, 9 Jan 2007 08:41:38 -0800
Yes. If you are familiar with the notion of security filtering of a GPO, then this is the same thing. Basically, you would modify the permissions on the GPO object. Whereas normally, in order to process a GPO, a computer or user needs the Read and Apply Group Policy permissions, what you can also do is create an explicit Deny ACE on the GPO that you are implementing the loopback user settings with. You can do that with the GPMC, by clicking the Advanced button on the Delegation tab of the GPO. Note that you only need to deny the "Apply Group Policy" permission to prevent the Domain Admins group from processing those loopback settings.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php
"Sergio" <Sergio@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:AC7255A3-58DA-429C-AB8F-B31326485F1D@xxxxxxxxxxxxxxxx
Hi Darren,
Thanks for the reply.
But I don't understand what you mean by "Create a Deny ACE on the loopback
GPO for your Domain Admins group". Can you elaborate more?
Thanks.
"Darren Mar-Elia" wrote:
Yes. Create a Deny ACE on the loopback GPO for your Domain Admins group.
That will prevent them from reading those loopback user settings whenever
they log onto the TS.
"Sergio" <Sergio@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CC766758-BEC9-4B8A-A3CF-7A1F977E87D0@xxxxxxxxxxxxxxxx
> Hi,
>
> I have a loopback policy set up on an OU for my Terminal Servers. This works fine.
>
> I do not want the Loopback policy to apply to my domain admin group, is this possible?
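
The Deny ACE described in the reply above can also be set from PowerShell instead of the GPMC Delegation tab. This is an added example, not part of the original thread; the GPO name is hypothetical, and it assumes the RSAT ActiveDirectory and GroupPolicy modules, which postdate this post.

```powershell
# Added example: deny "Apply Group Policy" on a loopback GPO for Domain Admins.
# Assumptions (not from the thread): the GPO display name below, and that the
# RSAT ActiveDirectory and GroupPolicy modules are installed.
Import-Module ActiveDirectory, GroupPolicy

$gpoName = 'TS Loopback User Settings'   # hypothetical GPO name
$group   = 'Domain Admins'

# rightsGuid of the Apply-Group-Policy extended right in the AD schema
$applyGpo = [Guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'

$gpo  = Get-GPO -Name $gpoName
$path = "AD:\$($gpo.Path)"               # DN of the groupPolicyContainer object
$sid  = (Get-ADGroup -Identity $group).SID
$acl  = Get-Acl -Path $path

# Look only at explicit ACEs, resolved as SIDs, so the check is name-independent
$existing = $acl.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.ObjectType -eq $applyGpo -and
        $_.IdentityReference.Value -eq $sid.Value
    }

if (-not $existing) {
    # Deny only the extended right; Read stays untouched, as the reply notes
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Deny,
        $applyGpo,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
    $acl.AddAccessRule($ace)
    Set-Acl -Path $path -AclObject $acl
}

# Show the resulting Deny entries on the GPO for review
(Get-Acl -Path $path).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.ObjectType -eq $applyGpo } |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights
```

To confirm the effect, log on to the terminal server as a member of the group and run `gpresult /r` to check whether the GPO is still listed among the applied user settings.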