I have a number of GPOs that use loopback processing to apply user settings on specific PCs. The policies are all in merge mode and have (as far as I’m aware) been working fine.
The policies are linked at the OU that contains the appropriate Computer objects, and filtered to the specific PCs that require the settings by Security Filtering (usually via security group membership). The GPOs’ Security Filtering settings also contain the Domain Users group, because I want the settings to apply to all users who log on to those PCs.
Recently, a new policy has been created in the same manner, which has caused another loopback policy to apply to the users (this one sets a desktop wallpaper, so is quite noticeable). Looking at the output of GPRESULT.EXE, all loopback policies are being applied to the user, despite the computer object not being included in the Security Filtering settings of the GPO.
Is this behaviour normal? The way I understood it was that the User portion of a loopback policy was only applied to a User if the Computer portion was processed by the Computer. Or am I being dense?