…Overview…

What is the loopback policy? How does the loopback policy work?

Group Policies are normally applied to the user or their PC depending on where they are located in Active Directory. There are occasions (Terminal Servers / Citrix servers are a prime example) when you wish users to have certain policies applied depending on which computer (Server) they log on to. This is where the loopback policy comes into its own.

Loopback policies can be applied to Windows 2000 and above.

The Loopback policy can be applied in two modes

Merge Mode
In this mode, when the user logs on, the user’s policies are first applied as normal, in the same order site, domain, OU. The list Policy Objects for the computer are then added to the end of the Policy Ojects for the user. This causes the computer’s Policy Objects to have higher precedence than the user’s Policy Objects. The list of Policy Objects for the Computers is added to the user list.

Replace Mode
In this mode, the user’s list of Group Policy Objects is not applied. Only the computer section of the policy is used.

Example where you might want to use the Loopback Policy
In the case of Terminal Servers you might wish to place all of the terminal servers in an OU, link a policy where you have set Computer and User settings and then also set the loopback policy in the computer section of the policy in replace mode. When users logon to a Terminal Server they will have the user settings applied in the user section of the Group Policy you applied.

Related Articles

Group Policy Inheritance Overview
How to Copy Group Policy from one OU to Another
How to Exclude Certain Groups from inheriting a Policy