Group Policy Loop Back Processing

In Normal situation, Group Policy is applied when a user logs on to a computer, applying settings based on a user's GPO settings. This is desirable in most conditions. But this may not be desirable for some situations. For example, System Administrator may have assigned a software that are appropriate when they log in to workstations, but that might not be appropriate to have installed when they log in to a Domain Controller.

Loopback Group Policy can be "Not Configured", Enabled, or Disabled, as the case of any other Group Policy setting. In the Enabled state, loopback can be set to Merge or Replace mode.

Replace mode: In Replace mode, the GPO list for the user is replaced in its entirety by the GPO list already obtained for the computer at computer startup. The computer's GPOs replace the user GPOs normally applied to the user.

Merge mode: In Merge mode, the GPO list is concatenated. The GPO list obtained for the computer at computer startup is appended to the GPO list obtained for the user when logging on. Because the GPO list obtained for the computer is applied later, it has precedence if it conflicts with settings in the user's list.

To enable loopback processing, open the Group Policy editor. Open Computer Configuration, Administrative Templates, System, and then click the Group Policy container. On the right side, double-click "User Group Policy Loopback Processing Mode".

 

Enable the policy and select replace or merge from the drop-down list.