I am part of a team of IT Engineers who are currently revamping a large organisation.
The previous IT department had some Group Policy objects in place for installing software(s), applying security related changes to machines, etc, etc.
On some of the group policy objects, Loopback processing (Merge Mode) is enabled.. See below for an example :
As loopback processing isn't something you can just enable to assist one policy (In other words it's global), what affect will this have on the computers?
If I've understood correctly, merge mode will allow you to define computer policies and apply them to users? Or is it.. Allow user configurations to be applied to computers??
If merge mode will allow user configurations to be applied on a computer level, how will the example policy affect computers?
Best Answer
Loopback enables you to define USER group policies at the OU where the computer resides, and have the policies applied to any user that logs on to those computers. Normally, user policies are applied from the OU hierarchy where the user account resides.
We can't predict what the impact will be from changing Merge to Replace. You need to run the Group Policy Modeling Wizard, and create two reports. One that has loopback with Merge, and one that has loopback with Replace. Save the two reports and compare them.
Typically Replace is used to enforce user settings at the OU where the computer resides. Replace effectively ignores any settings in the user account OU structure. Merge is used if there are settings at the user account OU structure that would be necessary. You will need to examine the reports to determine what is best for your environment.