Group Policy Loopback Not Blocking Site-Based User Policy

Anonymous
2025-02-14T01:52:53+00:00

I've got a loopback policy (Configure user Group Policy loopback processing mode = replace) targeted at an OU containing a terminal server (Windows 2022). This prevents any user policies targeted at the User OU from being applied when the user logs in and is working as expected.

However, there are User policies targeted at the site-level that are still being applied to the user when he logs in to the terminal server. And these site-based policies are not enforced.

My understanding is that group policies are applied in the following order:

  • Local
  • Site
  • Domain
  • OU
  • Child OU

Given the terminal server is located at the Child OU, why are the site-based user policies still being applied? One of the site-based user policies is to add a shortcut to the desktop. This shouldn't be applied to a user logging in to the terminal server as the loopback policy should block it.

Any pointers would be much appreciated. Thanks.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

10 answers

  1. Anonymous
    2025-02-14T11:27:27+00:00

    Hello TWKLPLS,

    Thank you for posting in Microsoft Community forum.

    Please check if this "shortcut to the desktop" is under Computer Configuration or User Configuration.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou
  2. Anonymous
    2025-02-15T00:04:01+00:00

    The "shortcut to the desktop" site-based policy is under user configuration.

    Thanks.
  3. Anonymous
    2025-02-20T11:44:56+00:00

    Hello

    Greetings!

    Please check if the machine the user signed in to applied the loopback group policy as expected.

    Please check using the gpresult command; you can follow the steps below.

    Log on to this machine using an administrator account.

    Open CMD (run as Administrator).

    Type gpresult /h C:\gpo.html and press Enter.

    Open gpo.html and check gpo setting under "Computer Details".

    Note:

    Windows Client for IT Pros and Windows Server forums are moving to Microsoft Q&A.

    We’re transitioning to Microsoft Q&A for a more streamlined experience. Starting 21 February, new questions can only be posted on Microsoft Q&A. Existing discussions will remain accessible here.

    From the 26 February customers looking for support on Answers will be automatically redirected to Microsoft Q&A.

    Best Regards,
    Daisy Zhou
  4. Anonymous
    2025-02-21T00:14:12+00:00

    Yes, the loopback policy is applied.

    I've also done Group Policy Modelling and the loopback policy is applied at the Computer level while the site based user-only policy is also applied at the user level.

    Thanks.
  5. Anonymous
    2025-02-21T10:22:20+00:00

    Hello

    Greetings!

    You put domain user accounts in "Site" below and you put server in "Child OU" below.

    Local

    Site --------domain user accounts

    Domain

    OU

    Child OU -------server with loopback GPO (replace mode)

    Now one domain user in "Site" signed in server in "Child OU", then this user should apply the user settings on this server, **am I right?**

    Best Regards,
    Daisy Zhou
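
The processing order discussed in this thread, as an added example that is not part of any post above: a simplified Python model of how the list of GPOs supplying User Configuration is built with and without loopback. In Replace mode the list is gathered from the computer object's location, and the computer's site is part of that location, so a site-linked user GPO stays in scope. All site, domain, OU and GPO names are constructed, and the model ignores security and WMI filtering, Enforced links and Block Inheritance.

```python
# Simplified model of user-policy GPO list construction (constructed names throughout).
# Assumptions: no security/WMI filtering, no Enforced links, no Block Inheritance.
from dataclasses import dataclass


@dataclass(frozen=True)
class Gpo:
    name: str
    has_user_settings: bool = True


# GPO links per scope of management (site, domain, OU); constructed sample data.
LINKS = {
    "site:HQ": [Gpo("Site-DesktopShortcut")],
    "domain:example.test": [Gpo("Domain-Baseline")],
    "ou:Staff": [Gpo("Staff-UserSettings")],
    "ou:Servers": [],
    "ou:Servers/TerminalServers": [Gpo("TS-Loopback-UserLockdown")],
}


def som_chain(site, domain, ou_path):
    """Scopes in processing order: site, domain, then each OU from parent to child."""
    parts = ou_path.split("/")
    ous = ["ou:" + "/".join(parts[: i + 1]) for i in range(len(parts))]
    return [f"site:{site}", f"domain:{domain}", *ous]


def gpos_for(chain):
    """Names of linked GPOs that carry user settings, in processing order."""
    return [g.name for som in chain for g in LINKS.get(som, []) if g.has_user_settings]


def user_policy_list(computer_site, domain, user_ou, computer_ou, loopback=None):
    """GPOs whose User Configuration is processed, lowest precedence first."""
    # The site comes from the computer being logged on to, in every mode.
    by_user = gpos_for(som_chain(computer_site, domain, user_ou))
    by_computer = gpos_for(som_chain(computer_site, domain, computer_ou))
    if loopback == "replace":
        return by_computer            # user-location list is not gathered at all
    if loopback == "merge":
        return by_user + by_computer  # computer-location list applies last and wins
    return by_user


if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        print(mode, user_policy_list("HQ", "example.test", "Staff",
                                     "Servers/TerminalServers", mode))
```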