A great two-part blog series about loopback processing of Group Policy:
http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
http://blogs.technet.com/b/askds/archive/2013/05/21/back-to-the-loopback-troubleshooting-group-policy-loopback-processing-part-2.aspx
Here is a quick summary of a few recommendations that are not official best practices (but maybe should be):
- Don’t use loopback 🙂
- Use a separate GPO for the loopback setting; ONLY include the loopback setting in this GPO, and do not include the user settings. Name it Loopback-Merge or Loopback-Replace depending on the mode.
- Avoid custom security filtering if you can help it.
- Don’t enable loopback in a GPO linked at the domain level!
- Always test in a representative environment prior to deploying loopback in production.
Even though this is a year-old post, I wanted to help spread the word because there are still some crazy GPO configurations out there, and why not try to keep it simple 🙂
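The recommendations above can be checked against an existing domain with a read-only audit. The script below is an added example, not taken from the linked series: it finds every GPO that sets loopback and reports whether it also carries user settings, uses non-default security filtering, follows the suggested name, or is linked at the domain level. It assumes the GroupPolicy RSAT module, read access to all GPOs, and that loopback was set through the standard administrative template (registry value `UserPolicyMode`).

```powershell
# Added audit example, not from the original post. Needs the GroupPolicy (RSAT)
# module and read access to every GPO in the current domain. Read-only.
Import-Module GroupPolicy

# Registry policy value behind the loopback setting: 1 = Merge, 2 = Replace.
$key  = 'HKLM\Software\Policies\Microsoft\Windows\System'
$name = 'UserPolicyMode'

# GUIDs of the GPOs linked directly at the domain root.
$domainDn    = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
$domainLinks = @((Get-GPInheritance -Target $domainDn).GpoLinks | ForEach-Object GpoId)

$findings = foreach ($gpo in Get-GPO -All) {
    try {
        $setting = Get-GPRegistryValue -Guid $gpo.Id -Key $key -ValueName $name -ErrorAction Stop
    } catch {
        continue   # value not set (or not readable) in this GPO: nothing to report
    }
    $mode = switch ($setting.Value) { 1 { 'Merge' } 2 { 'Replace' } default { "Unknown($_)" } }

    # The XML report has a User/ExtensionData node only when user settings exist.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $hasUserSettings = [bool]$report.GPO.User.ExtensionData

    # Default filtering: Authenticated Users (S-1-5-11) is the only "Apply" trustee.
    $appliers = @(Get-GPPermission -Guid $gpo.Id -All | Where-Object Permission -eq 'GpoApply')
    $customFilter = -not ($appliers.Count -eq 1 -and $appliers[0].Trustee.Sid.Value -eq 'S-1-5-11')

    [pscustomobject]@{
        GPO             = $gpo.DisplayName
        Mode            = $mode
        NameMatchesMode = $gpo.DisplayName -like "*Loopback-$mode*"   # naming from the list above
        HasUserSettings = $hasUserSettings
        CustomFiltering = $customFilter
        LinkedAtDomain  = $domainLinks -contains $gpo.Id
    }
}

$findings | Sort-Object GPO | Format-Table -AutoSize
```

Any row with `HasUserSettings`, `CustomFiltering` or `LinkedAtDomain` set to True is a GPO that departs from the recommendations and is worth reviewing before changing anything.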