Loopback processing

Group Policy has two main configuration types: one targets computer settings, and the other targets user settings. When we apply user configuration to a user located in an OU, it doesn't matter which computer they log in to; their policy settings follow them. As an example, let's assume user Liam is located under the Sales OU. The computer he usually logs in to is also located under the same OU. But he occasionally logs in to the meeting room laptop, which is located under the IT operations OU. The IT operations OU has its own Computer Configuration and User Configuration policies assigned. But when Liam logs in to that laptop, he still has the same settings he had on the Sales OU PC. This is the normal behavior of group policies.

There are situations, however, where user policy settings need to be applied based on the computer the user logs in to. Remote Desktop Services (RDS) and Citrix XenApp/XenDesktop solutions are good examples of this scenario. These solutions are mostly open for login from remote networks, so their security and operational requirements are different from those of a computer on the LAN. If users who log in from different OUs have different settings, it's hard to maintain the system with the required level of protection. Using loopback processing, we can force users to have only the user policy settings that are linked to the OU where the computers are located.

There are two modes of loopback processing:

  • Replace mode: In replace mode, the user settings attached to the user from the original OU are replaced by the user settings attached to the destination OU. If loopback processing replace mode is enabled in my previous example, when Liam logs in to the meeting room laptop, he will get the same settings as the user in the IT operations OU.
  • Merge mode: If merge mode is enabled in my example, Liam's Sales user settings are applied first when he logs in to the meeting room laptop, and after they are processed, the user settings from the IT operations OU are added. If there are any conflicting settings, the IT operations OU user policy settings win.

To enable loopback processing for Group Policy, go to the Group Policy edit mode: Computer Configuration | Policies | Administrative Templates | System | Group Policy | Configure user Group Policy loopback processing mode.
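
The same setting can be applied and audited from PowerShell with the GroupPolicy module. This is an added example, not code from the book: the GPO name and OU distinguished name are assumptions, and it relies on the fact that this administrative template is stored as the registry policy value `UserPolicyMode` (1 = merge, 2 = replace).

```powershell
# Requires the GroupPolicy module (RSAT / GPMC) and rights to create and link GPOs.
Import-Module GroupPolicy

# Assumed names for this example; replace with your own.
$GpoName  = 'RDS - Loopback Replace'
$TargetOu = 'OU=IT Operations,DC=example,DC=com'

# Registry policy value behind "Configure user Group Policy loopback processing mode".
$Key       = 'HKLM\Software\Policies\Microsoft\Windows\System'
$ValueName = 'UserPolicyMode'
$Modes     = @{ 1 = 'Merge'; 2 = 'Replace' }

# Create the GPO only if it does not exist yet, so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName }

# Enable loopback in replace mode (use 1 for merge mode).
Set-GPRegistryValue -Guid $gpo.Id -Key $Key -ValueName $ValueName -Type DWord -Value 2 | Out-Null

# Link the GPO to the OU that holds the computers, unless it is already linked there.
$links = (Get-GPInheritance -Target $TargetOu).GpoLinks
if ($links.GpoId -notcontains $gpo.Id) {
    New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Audit: list every GPO in the domain that turns loopback on, and in which mode.
# Loopback is a computer-side setting, so a GPO whose status disables computer
# settings carries the value without it taking effect.
Get-GPO -All | ForEach-Object {
    try {
        $v = Get-GPRegistryValue -Guid $_.Id -Key $Key -ValueName $ValueName -ErrorAction Stop
    } catch {
        $v = $null   # value not configured in this GPO
    }
    if ($v) {
        [pscustomobject]@{
            GPO       = $_.DisplayName
            Mode      = $Modes[[int]$v.Value]
            GpoStatus = $_.GpoStatus
        }
    }
} | Sort-Object GPO | Format-Table -AutoSize
```

Run the audit part on its own to find loopback GPOs that were linked outside the RDS or Citrix OUs they were meant for.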
