User Group Policy loopback processing mode changes in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Starting in Windows Vista and Windows Server 2008, this behavior changed.
Consider the following scenarios:
- A computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2 is configured for User Group Policy Loopback processing in Merge mode.
The GP Service reads the GPO Information in the context of the machine. In this scenario, the computer account must have at least read permissions to the Group Policy object that contains the user settings, and a user should have at least Read and Apply permission in order to successfully apply the policy.
- A a computer that is running a version of Windows that was released before Windows Vista and Windows Server 2008 is configured for User Group Policy Loopback processing in Replace mode.
In this case, the GP service impersonates the user. Therefore, only the user needs access to the GPO. In order to successfully apply a policy, a user should have at least the Read and Apply permission.
Article ID: 953768 - Last Review: 02/20/2013 07:03:00 - Revision: 5.0
- kbexpertiseinter kbhowto kbinfo KB953768