By enabling the 'User Group Policy loopback processing mode' policy in the local security policy of their workstation and setting it to replace, a user can prevent domain user Group Policies from being applied to them.

To Reproduce:
- Create a Windows 2000 domain and join a Windows 2000 professional computer to the domain.
- In Active Directory Users and Computers make a new OU named Restricted and inside the Restricted OU create a user named Test.
- Link a new Group Policy to the Restricted OU and configure any of the policies under User Configuration.
- From the Windows 2000 Professional machine log on to the domain as Test and verify the user Group Policy settings are applied.
- Log off test and log back on locally using the local administrator account.
- Open the MMC and add the Group Policy snap-in, accepting the default of Local Computer as the focus.
- Go to Computer Configuration\Administrative Templates\System\Group Policy and enable User Group Policy loopback processing mode, setting it to 'Replace'.
- Under User Configuration configure policies that conflict with the ones you previously made.
- Log off and back on as Test and verify the original policies are no longer applied.

To Fix this:
Disable the User Group Policy loopback processing mode policy in a Group Policy placed at the Domain or OU level.

Thanks,
Nick Staff

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]