Loopback policy does not apply on Vista machine, if security filtering is customized
Scenario:
If we create a group and assign the users to the group.
Create a loopback policy for users in merge mode and assign the group to security filtering for the loopback policy and give the following permission:
Read and Apply Group Policy.
User side of the policy will not apply.
From the GPSVC logs, we see the following:
Machine Side:
GPSVC(434.4b8) 15:00:19:206 EvalList: Object <cn={630069B4-401B-4DB0-9559-EF4D821D04FE},cn=policies,cn=system,DC=childA,DC=dom147330,DC=local> cannot be accessed
User Side:
GPSVC(434.1c8) 15:05:54:924 EvalList: Object <cn={630069B4-401B-4DB0-9559-EF4D821D04FE},cn=policies,cn=system,DC=childA,DC=dom147330,DC=local> cannot be accessed
For more details look into the below article:
https://support.microsoft.com/kb/953768
Comments
- Anonymous
July 03, 2009
Please don't link that KB article: It is meaningless nonsense! Although it is pretty difficult to understand what your post is getting at. For it to work both machine AND user need "read" and "apply group policy" set for the lookback enabled GPO. Thanks for the reminder.