{"id":731,"date":"2008-09-18T04:38:00","date_gmt":"2008-09-18T04:38:00","guid":{"rendered":"http:\/\/atumvirtwordpress.azurewebsites.net\/?p=731"},"modified":"2008-09-18T04:38:00","modified_gmt":"2008-09-18T04:38:00","slug":"unexpected-group-policy-behavior","status":"publish","type":"post","link":"https:\/\/avtempwp.azurewebsites.net\/2008\/09\/unexpected-group-policy-behavior\/","title":{"rendered":"Unexpected Group Policy Behavior"},"content":{"rendered":"

One of the things we need to provide is an environment where computers behave one way for a certain group of users in a lab and another way for the same user in a different lab. In order to centrally manage that, we began utilizing Group Policy.<\/p>\n

We have users in one OU and computers in another at the same level. As such, a computer policy GPO should never apply user settings without using loopback processing. <\/p>\n

My understanding of how it should work is like this:<\/p>\n

We apply a group policy with security filtering to a group of computers. Loopback processing is enabled, so the user policy processes. Unfortunately, I discover that without the user group being a part of the security filtering, the user policy in the loopback doesn’t apply because it is security filtered. So the security filters look like this:<\/p>\n

LAB-A-Computers
UserGroup-1<\/p>\n

As expected, the group policy processes, loopback applies, and all looks well.<\/p>\n

Now, enter LAB-B. LAB-B has a similar setup but needs different policies. All the computers are in the same OU, so the GP is linked at the same location.<\/p>\n

However, when a user who is in UserGroup-1 logs into LAB-B, LAB-A’s looped back policy applies for some reason, because LAB-B has looped back, but apparently link order comes into play. I would not expect this behavior.<\/p>\n

Currently I’m waiting for a response from the Microsoft forums in order to receive advice on how to achieve what we want.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of the things we need to provide is an environment where computers behave one way for a certain group of users in a lab and another way for the same user in a different lab. In order to centrally manage that, we began utilizing Group Policy. We have users in one OU and computers […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[22],"tags":[],"_links":{"self":[{"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/posts\/731"}],"collection":[{"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/comments?post=731"}],"version-history":[{"count":0,"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/posts\/731\/revisions"}],"wp:attachment":[{"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/media?parent=731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/categories?post=731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/avtempwp.azurewebsites.net\/wp-json\/wp\/v2\/tags?post=731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}