Loopback processing with merge or replace

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Loopback processing with merge or replace

Loopback is an advanced Group Policy setting that is useful on computers in certain closely managed environments, such as servers, kiosks, laboratories, classrooms, and reception areas. Loopback only works when both the user account and the computer account are in a Windows 2000 or later domain. Loopback does not work for computers joined to a workgroup. Setting loopback causes the User Configuration settings in GPOs that apply to the computer to be applied to every user logging on to that computer, instead of (in replace mode) or in addition to (in merge mode) the User Configuration settings of the user. This allows you to ensure that a consistent set of policies is applied to any user logging on to a particular computer, regardless of their location in Active Directory. Loopback is controlled by the following setting, User Group Policy loopback processing mode, which is located under Computer Configuration\Administrative Templates\System\Group Policy in Group Policy Object Editor (GPMC).

By default, a user's policy settings come from the set of GPOs that are applied to the user object in Active Directory. During Group Policy processing on the client, the Group Policy engine assembles an ordered list of GPOs from the site, domain, and all organizational units for that user object.

Loopback can be set to Not Configured, Enabled, or Disabled. In the Enabled state, loopback can be set to Merge or Replace. In either case the user only receives user-related policy settings.

  • **Loopback with Replace—**In the case of Loopback with Replace, the GPO list for the user is replaced in its entirety by the GPO list that is already obtained for the computer at computer startup (during step 2 in Group Policy processing and precedence). The User Configuration settings from this list are applied to the user.

  • **Loopback with Merge—**In the case of Loopback with Merge, the Group Policy object list is a concatenation. The default list of GPOs for the user object is obtained, as normal, but then the list of GPOs for the computer (obtained during computer startup) is appended to this list. Because the computer's GPOs are processed after the user's GPOs, they have precedence if any of the settings conflict.

See Also

Concepts

Get user settings from the machine account (loopback processing)
Managing inheritance of Group Policy