
Loopback group policy Demo


Demo setup details

DC01 & DC02 -> domain controllers, both in the same site

PC01-> client machine (Windows 10)

Scenario without loopback policy

User name : Ravi

Computer name : PC01

When user Ravi logs in to computer PC01, both policies apply: Computer configuration 1 + User configuration 2.

Computer configuration 1 (disable mspaint) + User configuration 2 (remove Task Manager)

Computer GPO-India

I have blocked the mspaint application.

User GPO-India

Task Manager has been removed.

Now when Ravi logs in to PC01, the policies below will apply.

Computer GPO-India -> mspaint blocked

User GPO-India -> Task Manager disabled

Group Policy loopback has two modes:

  1. Merge Mode
  2. Replace Mode

Loopback policy with Replace mode

User-1 GPO-India

In this policy, I have enabled a desktop wallpaper.

Now, when user Ravi logs in to PC01, the following will apply.

Computer configuration 1 (disable mspaint) + User configuration 1 (wallpaper policy)

User configuration 2 policy will replace user configuration 1 policy.

Loopback policy with Merge mode

Now, when user Ravi logs in to PC01, all three apply:

Computer configuration 1 (disable mspaint) + User configuration 1 (wallpaper policy) + User configuration 2 (remove Task Manager)

Refer :

https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/circle-back-to-loopback/ba-p/400212

Best Practices

  • Create two purpose-built GPOs to enable loopback processing (one for each mode). These GPOs should only contain this one setting. Lock down who can edit these GPOs (I’d go as far as limiting permissions to Domain Admins).
  • Link your loopback processing GPOs as necessary, and enforce these links, to ensure that a loopback processing setting change in any other GPO does not cause unexpected issues.
  • Create user setting GPOs as needed, and link them to the necessary OUs containing computer objects that you want to control the user experience on.
  • Don’t enable loopback processing if you don’t need to. If your computers and users are in distinct OU structures, apply policies to them as needed.
  • In the situation of not being able to apply any policy to user objects, enforce replace mode from the top down across all OUs containing computer objects.
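The best practices above amount to one check: only the purpose-built GPOs should carry the loopback setting, and each client should be in the mode you expect. The following PowerShell is an added example (not from the original post or from Microsoft) that audits this. It assumes the GroupPolicy RSAT module, an account that can read GPOs, and hypothetical GPO names "Loopback-Merge" and "Loopback-Replace" for the two purpose-built GPOs.

```powershell
# Added example, not part of the original post. Loopback processing is stored
# in a GPO as the DWORD "UserPolicyMode" under
# HKLM\SOFTWARE\Policies\Microsoft\Windows\System (1 = Merge, 2 = Replace).
Import-Module GroupPolicy

$loopbackKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System'
$modeNames   = @{ 1 = 'Merge'; 2 = 'Replace' }

# Enumerate every GPO in the domain and report the ones that set loopback.
function Get-LoopbackGpoReport {
    foreach ($gpo in Get-GPO -All) {
        try {
            # Get-GPRegistryValue throws when the GPO does not define the value,
            # so -ErrorAction Stop turns "not set" into a skipped GPO.
            $value = Get-GPRegistryValue -Guid $gpo.Id -Key $loopbackKey `
                         -ValueName 'UserPolicyMode' -ErrorAction Stop
        } catch {
            continue
        }
        [pscustomobject]@{
            GpoName  = $gpo.DisplayName
            Mode     = $modeNames[[int]$value.Value]
            Modified = $gpo.ModificationTime
        }
    }
}

# On a client such as PC01, read the mode that actually took effect after
# Group Policy processing (the same value, now in the local policy hive).
function Get-EffectiveLoopbackMode {
    $item = Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" `
                -Name 'UserPolicyMode' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Disabled (no loopback applied)' }
    return $modeNames[[int]$item.UserPolicyMode]
}

# Hypothetical names of the two purpose-built GPOs from the best practices.
$expected = @('Loopback-Merge', 'Loopback-Replace')

# Any GPO outside the expected pair that sets loopback is the "unexpected
# issue" the best practices warn about and should be reviewed.
Get-LoopbackGpoReport |
    Where-Object { $_.GpoName -notin $expected } |
    Format-Table -AutoSize

"Effective loopback mode on $env:COMPUTERNAME: $(Get-EffectiveLoopbackMode)"
```

Run the report part from a management host with RSAT, and the effective-mode check on the client after gpupdate; an empty report table means only the purpose-built GPOs carry the setting.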


AD notes-2


Loopback group policy

https://docs.microsoft.com/en-us/archive/blogs/askds/circle-back-to-loopback

SETSPN

https://docs.microsoft.com/en-us/archive/blogs/askds/interesting-findings-on-setspn-x-f

Change Notification on a MANUALLY created Replication partner

https://docs.microsoft.com/en-us/archive/blogs/askds/configuring-change-notification-on-a-manually-created-replication-partner

Document Quarantine with Windows Server 2012 Dynamic Access Control

https://docs.microsoft.com/en-us/archive/blogs/wincat/document-quarantine-with-windows-server-2012-dynamic-access-control

New Slow Logon, Slow Boot Troubleshooting Content

https://docs.microsoft.com/en-us/archive/blogs/askds/new-slow-logon-slow-boot-troubleshooting-content

Managing RID Pool Depletion

https://docs.microsoft.com/en-us/archive/blogs/askds/managing-rid-pool-depletion

What does DCDIAG actually… do?

https://docs.microsoft.com/en-us/archive/blogs/askds/what-does-dcdiag-actually-do

KCC Offline Bridgehead Behaviors

https://docs.microsoft.com/en-us/archive/blogs/askds/kcc-offline-bridgehead-behaviors

RESTOREDFSR.VBS Version 3 now available

https://docs.microsoft.com/en-us/archive/blogs/askds/restoredfsr-vbs-version-3-now-available

Get-DFSRBacklog PowerShell Script Available

https://docs.microsoft.com/en-us/archive/blogs/askds/get-dfsrbacklog-powershell-script-available

The Case for Migrating SYSVOL to DFSR

https://docs.microsoft.com/en-us/archive/blogs/askds/the-case-for-migrating-sysvol-to-dfsr

How Domain Controllers are Located in Windows

https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

Group policy Foreground and background processing

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj573586(v=ws.11)

Active Directory Replication Registry Entries

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc739941(v=ws.10)
