Compartilhar via


Loopback policy does not apply on Vista machine, if security filtering is customized

Scenario:

If we create a group and assign the users to the group.

Create a loopback policy for users in merge mode and assign the group to security filtering for the loopback policy and give the following permission:

Read and Apply Group Policy.

User side of the policy will not apply.

From the GPSVC logs, we see the following:

Machine Side:

GPSVC(434.4b8) 15:00:19:206 EvalList: Object <cn={630069B4-401B-4DB0-9559-EF4D821D04FE},cn=policies,cn=system,DC=childA,DC=dom147330,DC=local> cannot be accessed

User Side:

GPSVC(434.1c8) 15:05:54:924 EvalList: Object <cn={630069B4-401B-4DB0-9559-EF4D821D04FE},cn=policies,cn=system,DC=childA,DC=dom147330,DC=local> cannot be accessed

For more details look into the below article:

https://support.microsoft.com/kb/953768

Comments

  • Anonymous
    July 03, 2009
    Please don't link that KB article: It is meaningless nonsense! Although it is pretty difficult to understand what your post is getting at. For it to work both machine AND user need "read" and "apply group policy" set for the lookback enabled GPO. Thanks for the reminder.