A Close Look at Group Policy

When managing Group Policy, there are a couple of features to consider. The first is Blocking Inheritance and the other is Loopback Processing.

Blocking Inheritance: It’s exactly as it sounds. It prevents Group Policy Objects (GPOs) that are linked to higher-level sites, domains, or organizational units (OUs) from being automatically inherited.

Now you may ask, when and why would I need to use this? Simple enough: what if you don’t want domain-level GPOs to apply to the Finance OU or the IT OU? In that case, each department has its own configuration and does not need the domain-level GPOs, either because they are unnecessary for its use or because they conflict with configuration made exclusively for it.

One thing to keep in mind is the ‘Enforced’ setting. Enforced protects a GPO and its settings from being overridden by a later GPO. It also overrides the Block Inheritance setting.


Loopback Processing: Loopback processing comes in two flavors, Merge and Replace. Going back to the basics, Group Policy applies to users and to computers. Let’s separate those into a standard computer OU and a user OU. Loopback processing lets a GPO override the user’s normal settings based on the computer being logged in to, so logins can be customized for particular systems no matter which user signs in.

When would I need Loopback processing? For example, if you wanted to deploy a training computer or kiosk with a set configuration that will be the same for all users who log in. Instead of applying the personal user settings that come from the user’s own OU, it will apply the user settings created for that specific computer, or for the computers in a given OU.

What’s the difference between Merge and Replace?

Replace Mode: Replace mode will replace the user configuration with the generic one created for that computer OU. Basically, when Bob and Tom log in to the training computer, they won’t get their mapped drives or icons that are specific to them in their OU. They will get the same generic one solely to be used on that training computer.

Merge Mode: In this mode, both the generic and personal user configuration will merge together. If there are conflicts like two policies providing different values for the same configuration setting, then the generic configuration will have the overriding priority over the other.
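
The rules above (Block Inheritance, Enforced, and the two loopback modes) as a simplified model, added here as an illustration and not taken from the original article or from Windows itself. The class and function names, the OU names and the setting values are all made up, and the rule that the highest container wins among several Enforced links goes beyond what the text states.

```python
from dataclasses import dataclass, field

@dataclass
class Link:                      # one GPO link; settings = its user-configuration values
    settings: dict
    enforced: bool = False

@dataclass
class Container:                 # a domain or an OU
    name: str
    links: list = field(default_factory=list)   # in processing order
    block_inheritance: bool = False

def resolve(path):
    """path: containers from the domain down to the leaf OU. Returns effective settings."""
    # Block Inheritance: ignore non-enforced links above the lowest blocking container.
    start = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    result = {}
    for c in path[start:]:                      # later (closer to the leaf) overrides earlier
        for link in c.links:
            if not link.enforced:
                result.update(link.settings)
    for c in reversed(path):                    # Enforced links apply last and ignore the block
        for link in c.links:
            if link.enforced:
                result.update(link.settings)
    return result

def user_settings(user_path, computer_path, loopback=None):
    """Effective user settings at logon; loopback is None, 'merge' or 'replace'."""
    if loopback == "replace":                   # only the computer's location counts
        return resolve(computer_path)
    if loopback == "merge":                     # both apply; the computer side wins conflicts
        return {**resolve(user_path), **resolve(computer_path)}
    return resolve(user_path)

# Constructed sample directory (all names and values are made up for illustration).
domain = Container("example.test", [Link({"wallpaper": "corp", "proxy": "corp-proxy"}),
                                    Link({"screen_lock": "10min"}, enforced=True)])
finance = Container("Finance", [Link({"wallpaper": "finance", "drive": "F:"})],
                    block_inheritance=True)
kiosks = Container("Kiosks", [Link({"wallpaper": "training", "start_menu": "locked"})])

if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        print(mode, user_settings([domain, finance], [domain, kiosks], mode))
```

With no loopback, the Finance user loses the domain proxy setting to the block but still receives the enforced screen lock; in Replace mode the mapped F: drive disappears on the kiosk, and in Merge mode it stays while the kiosk wallpaper wins the conflict.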
