Loopback Processing

Before we jump into Loopback Processing let’s understand the group policy processing order. Group policy objects (GPO) can be linked over site, domain or on OU. So if we see the processing order if group policy:

1. Local policy
2. Site
3. Domain
4. OU

So the group policy processed last will be the final policy applied over users. This default processing order cab be change using options such as Block inheritance & Enforced. But it’s a recommendation to use this options as-less-as you can to keep your configuration simple. Whenever a user logins on any computer in a domain environment it doesn’t matter where that computer object is located in Active Directory and which GPO is linked on the Site or OU where the computer object is located; the user settings from GPO linked to the Site, Domain and OU where the user object resides applies.

Let’s understand the loopback processing and the scenario to use it.

What is Loopback Processing and when to use Loopback Processing?

Let’s take a scenario of a conference room where you want to have a common wallpaper for all of the users. But as we know that the user settings from GPO linked to the location where user resides will apply regardless of the computer object location. To overcome this we can use Loopback Processing.

Loopback processing is a computer configuration setting that provides a consistent user experience across all computers regardless of the GPOs linked to the user’s Site or OU.

How to configure loopback processing ?

The loopback setting is located under Computer Configuration/Administrative Templates/System/Group Policy in the Group Policy Management Editor (GPME).

Loopback processing works in two modes:

1. Merge
2. Replace

Merge Mode: If you have configured loopback processing to work in merge mode user settings and computer settings both are applied together. User settings from all GPOs linked on the user's OU and the computer's OU merge together but in case of any conflict the user settings from computer GPOs win.

Replace Mode: If you have configured loopback processing to work in replace mode all user settings from GPO linked to user's OU is replaced by the user settings from GPO linked to computer's OU.

Let's go back to our scenario that we discussed above, to get a common wallpaper on all conference room computers we can create an OU and place all those conference room computer objects in that and link a GPO over that defining loopback processing setting so that the computer configuration overrides user settings.