Re: I'm having an issue with the "user group loopback processing m




Okay, the issue has been identified and resolved.

What I learned/found is if you have a GPO higher in your AD environment
that enables "user group loopback processing" then it will affect all
workstations below that even if you have block inheritance to the OU. I think
this is an issue for me because security filter is set to "authenticate
users" on GPOs with "loopback" enabled.

Along with computer accounts, you also have to add user accounts in the
security filter, but don't use authenticate users if you don't have to. I used
"domain users" instead.

To get it to work in my current environment, I had to create another policy
that disabled "loopback" (security filter with Auth users) followed up with an
enable "loopback" policy (domain users, computer group in security filter).
Both GPOs are linked to the same OU.



"Anthony [MVP]" wrote:

OK, it will be interesting to hear back what the problem is,
Anthony
http://www.airdesk.com

"Rick" <Rick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3A546414-0ADE-4933-853F-F44DEE2B1B0B@xxxxxxxxxxxxxxxx
I opened a ticket with Microsoft and they are having the same issue. Will
let you know the outcome once they get it working in their environment.


"Rick" wrote:

Currently it is set to "merge" but I have had it on both and got the same
response.

"Rick" wrote:


I've done that, linked the GPO only to the OU with the computers, blocked
inheritance, and added the (computers) AD group to the security filter.
Nothing.

When I run "gpresult" the only computer group policy being applied is
the one I want. Also the group policy result shows that it is the winning GPO.

If I add users to the GPO filter the user config does apply but I need
this to only apply to computers. That's why I had authenticate users in the
security filter.

I'm lost and any help would be great.



"Rick" wrote:

I'm having an issue with the "user group loopback processing mode".
I can get the policy to work if I link it to an "OU" and the OU only has
the computers that the policy needs to apply to in it.
The issue is I need it to apply to only computers in the AD group I
created and assigned the GPO to. Currently if I move the GPO higher in our OU
structure it starts applying to all computers and users below that linked OU.


What am I doing wrong?

Background
1. I have an AD group with only computers in it. (No screen Saver group)
2. Computers in this group are in different OUs and can't be moved into
the same "OU"
3. The GPO security filter has "auth users & no screen saver group".
4. The user section I'm configuring is "no screen saver" and loopback
process.
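
Added example (not part of the original thread, and not any poster's own script): a PowerShell audit that lists every GPO that configures loopback processing together with its security filter, so a loopback GPO filtered to Authenticated Users, the situation described in the resolution at the top of this thread, is easy to spot. It assumes the RSAT GroupPolicy module on a domain-joined machine; the function name Get-LoopbackGpoReport is made up for this example.

```powershell
# Added example: audit loopback GPOs and who they are security-filtered to.
# Assumes the GroupPolicy module (RSAT) and a domain-joined machine.
Import-Module GroupPolicy

# Registry-based policy behind the loopback processing mode setting.
$LoopbackKey   = 'HKLM\Software\Policies\Microsoft\Windows\System'
$LoopbackValue = 'UserPolicyMode'
$ModeNames     = @{ 1 = 'Merge'; 2 = 'Replace' }
$AuthUsersSid  = 'S-1-5-11'   # well-known SID of Authenticated Users

function Get-LoopbackGpoReport {   # hypothetical name, for this example only
    foreach ($gpo in Get-GPO -All) {
        # Get-GPRegistryValue errors when the GPO does not configure the value.
        try {
            $setting = Get-GPRegistryValue -Guid $gpo.Id -Key $LoopbackKey `
                -ValueName $LoopbackValue -ErrorAction Stop
        } catch {
            continue
        }

        # A policy set to "Disabled" is stored as a delete of the value.
        $mode = if ($setting.PolicyState -eq 'Delete') { 'Disabled' }
                else { $ModeNames[[int]$setting.Value] }

        # Trustees allowed "Apply group policy", i.e. the security filter.
        $apply = @(Get-GPPermission -Guid $gpo.Id -All |
            Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied })

        [pscustomobject]@{
            Gpo            = $gpo.DisplayName
            LoopbackMode   = $mode
            SecurityFilter = ($apply | ForEach-Object { $_.Trustee.Name }) -join '; '
            # True when every authenticated user and computer in scope
            # of the link is in the filter of this loopback GPO.
            AuthUsersApply = [bool]($apply |
                Where-Object { $_.Trustee.Sid.Value -eq $AuthUsersSid })
        }
    }
}

Get-LoopbackGpoReport |
    Sort-Object AuthUsersApply -Descending |
    Format-Table -AutoSize
```

Rows with AuthUsersApply set to True and a LoopbackMode of Merge or Replace are the ones to check against where the GPO is linked.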
