Campus Active Directory - Loopback Processing

Group policies in Active Directory consist of two components: Computer Configurations and User Configurations. When applying a GPO to an OU, Computer Configurations are applied if there are computer objects, and User Configurations are applied if there are user objects. In Campus Active Directory, GPOs cannot be directly applied to NetIDs. To create a GPO that can apply user configurations, OU administrators can use the CADS Loopback Processing GPO. By using this policy, user configurations can be applied to any NetIDs that sign-in to a workstation.

Configuring Loopback Processing

The CADS Loopback Processing GPO can be linked to your root OU. To configure this, follow the steps below:

1. Open the Group Policy Management console and navigate to your OU.

2. Right-click on your OU and select “Link an Existing GPO”.

3. Scroll down and select the “CADS - Loopback Processing” policy.

4. Next, create a GPO that specifies the user policy you want to apply to NetIDs when they sign-in to a workstation. The screenshot below shows an example of the CADS Loopback Processing GPO that was linked to the IAM OU, along with a GPO that will disable the Task Manager for every user that signs-in to a workstation under the Computers OU:

A. (Optional) You can also navigate to the Scope tab of your GPO and add a security filter to only apply to specific users if needed.

5. By default, the task manager is typically enabled for all users. However, with loopback processing we can disable the Task Manager even though we have not applied a GPO to any scope of users.

 

6. Confirm your settings by opening a command prompt and running gpresult /r

 

Under the User Settings section, the Applied Group Policy Objects indicates the “IAM Test Disable Task Manager” GPO was successfully applied to the user.

See Also

Microsoft Learn: Loopback processing of Group Policy

Campus Active Directory - Group Policy Management

Campus Active Directory - Naming Convention

Campus Active Directory - Acceptable Use of Accounts



Keywords:
campus active directory, loopback, processing, user configuration, computer configuration, GPO, group policy, objects, CAD, netid, OU, workstation, users, administration, management 
Doc ID:
135367
Owned by:
MST Support in Identity and Access Management
Created:
2024-02-09
Updated:
2024-02-09
Sites:
Identity and Access Management