This post is part 2 of a 3-part series in which we examine the debug output for each policy processing mode:

  1. Loopback Policy Processing Debug Series – Normal Mode
  2. Loopback Policy Processing Debug Series – Merge Mode
  3. Loopback Policy Processing Debug Series – Replace Mode

In our last post, we reviewed the UserEnv log to see how policy is applied to workstations and users under normal circumstances.  In normal mode, processing of workstation group policy restricts itself to those settings configured in the computer configuration node of applicable policies and user group policy restricts itself to those settings configured in the user configuration node of applicable policies.

Now things are going to change a little bit with the introduction of loopback policy processing in merge mode.  Our OU structure has not changed, but so you don’t have to go look at previous posts I have included it here.  The workstation that we’ll be using, XP01, is in the HR OU.

[Image: ouStructureWorkstation3]

The user that we'll be using, John.Galt, is in the Users OU.

[Image: ouStructureUser4]

Merge Mode

Here is the full text log file: merge_UserEnv.log [171.92 KB] (previously loopbackMerge.log)

Here is the consolidated log file: consolidated_UserEnv.log [15.93 KB]

At 2:47:02:753 AM, computer policy begins evaluation of workstation XP01.

[Image: mergeWorkstationEnter_2]

Policy evaluation for the workstation begins in normal mode.

[Image: mergeWorkstationMode_2]

Policies are enumerated starting with the OU closest to the workstation, then working through the parent OUs, on to site policy, and finally to the local policy.

[Image: mergeWorkstationEnumerateGPOs_2]

The computer configuration portion of policy is completed at 2:47:02:993 AM.

[Image: mergeWorkstationComplete]

A few seconds later, the user John Galt logs on to the workstation and at 2:54:38:098 AM, user policy processing begins evaluation of user John Galt.

[Image: mergeUserEnter_2]

Policy evaluation for the user begins in merge mode.

[Image: mergeUserMode_2]

Policies are enumerated starting with the OU closest to the user, then working through the parent OUs, on to site policy, and finally to the local policy.

[Image: mergeUserEnumerateGPOs_2]

Once both lists are defined, they are merged together.  Settings configured in the user portion of policies linked to the workstation’s parents apply last.

[Image: mergeUserComputerMergingTogether_2]

The user configuration portion of policy is completed at 02:47:29:824 AM.

[Image: mergeUserComplete]

Policy application has completed successfully, and any user configuration settings in policies applicable to XP01 have overwritten the policy settings that applied to John.Galt.  The initial evaluation of XP01 enumerated the GPOs that applied to it but applied only the settings in the computer configuration node of those policies.  When John.Galt logged on, the user policy processing engine evaluated the applicable policies for both John.Galt and XP01, applying only the policy settings in the user configuration node.

This process is very similar to what we saw in Loopback Policy Processing Debug Series – Normal Mode except with the additional evaluation of the user configuration policies for the workstation after evaluation of the user policy settings.
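The merge described above can be modelled in a few lines. This is an added example, not code from the original post or from Windows: the GPO names and settings are constructed, and the model assumes no Enforced links, Block Inheritance, or security/WMI filtering. It also covers replace mode, which goes beyond what this part of the series walks through.

```python
# Added illustration: GPO names and settings are constructed, not taken from the logs.
# Simplified model: ignores Enforced links, Block Inheritance and security/WMI filtering.

def apply_user_settings(enumerated_gpos, effective=None):
    """Apply the user configuration node of each GPO in a list.

    `enumerated_gpos` is in the order the log enumerates them (closest OU
    first, local policy last). Application runs in the reverse order, so the
    GPO closest to the object is written last and wins.
    """
    effective = dict(effective or {})
    for gpo_name, user_node in reversed(enumerated_gpos):
        for setting, value in user_node.items():
            effective[setting] = (value, gpo_name)
    return effective


def resolve(user_gpos, computer_gpos, mode):
    """Return {setting: (value, winning GPO)} for the logged-on user."""
    if mode == "normal":
        return apply_user_settings(user_gpos)
    if mode == "merge":
        # The user's list is applied first, then the computer's list on top of it.
        return apply_user_settings(computer_gpos, apply_user_settings(user_gpos))
    if mode == "replace":
        return apply_user_settings(computer_gpos)
    raise ValueError(f"unknown loopback mode: {mode}")


# Constructed sample: (GPO name, user configuration settings), closest OU first.
USER_GPOS = [
    ("Users OU Policy", {"ScreenSaverTimeout": 900, "HideRunMenu": False}),
    ("Site Baseline Policy", {"ScreenSaverTimeout": 1800}),
    ("Local Group Policy", {}),
]
COMPUTER_GPOS = [
    ("HR OU Policy", {"ScreenSaverTimeout": 300, "NoControlPanel": True}),
    ("Site Baseline Policy", {"ScreenSaverTimeout": 1800}),
    ("Local Group Policy", {}),
]

if __name__ == "__main__":
    for mode in ("normal", "merge", "replace"):
        print(mode)
        result = resolve(USER_GPOS, COMPUTER_GPOS, mode)
        for setting, (value, gpo) in sorted(result.items()):
            print(f"  {setting} = {value!r}  (from {gpo})")
```

In merge mode the conflicting setting is won by the GPO linked to the workstation's OU, while a setting defined only on the user's side survives untouched.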

In part 3, Loopback Policy Processing Debug Series – Replace Mode, we’ll get far away from normal and see how policy processing works in replace mode.