A great 2 part blog series about Loopback processing of group policys.
For a quick summarize of a few recommendations that is no official best practices (but they maybe should be).
- Don’t use loopback 🙂
- Use a separate GPO for the loopback setting; ONLY include the loopback setting in this GPO, and do not include the user settings. Name it Loopback-Merge or Loopback-Replace depending on the mode.
- Avoid custom security filtering if you can help it.
- Don’t enable loopback in a GPO linked at the domain level!
- Always test in a representative environment prior to deploying loopback in production.
Even dough this is a year old post I wanted to help spread the word because there is still some crazy GPO configurations out there, and why not try to keep it simple 🙂