Friday, September 17, 2010

How does Group policy loop back processing work?

Group Policies are normally applied to the user or their PC depending on where they are located in Active Directory. There are occasions, especially for terminal servers, when you want users to have certain policies applied depending on which computer they log on to. This is where the loopback policy comes into its own. There are two modes when applying loopback processing:
  1. Replace Mode: The user policy is defined entirely from the GPOs associated with the machine. Any GPOs associated with the user are ignored.
  2. Merge Mode: The user policy settings applied are the combination of those included in both the machine and user GPOs. Where conflicts exist, the machine GPOs "win".

A common use of loopback is on Terminal Services machines. In this scenario, it is common for the Group Policy administrator to set specific user policy settings for the server to ensure that all users using the machine receive a defined set of user policy settings.

In order to define the Loopback Processing setting, the following steps should be followed.

   1. Open the Group Policy Object editor (gpedit.msc). See Create/Edit GPOs for details.
   2. Expand the Computer Configuration node. Under Computer Configuration, expand the Administrative Templates node.
   3. Within the Administrative Templates node, expand the System node, and then the Group Policy node.
   4. Locate the setting "User Group Policy loopback processing mode". Double click this setting, and define the setting as needed.

    * Merge Mode: When Merge mode is selected, application of user-based group policy begins as normal:
·         The distinguished name of the user is evaluated for its location in the Active Directory. For example, the user John Smith in the Boston OU at BigCompany Corporation might have a distinguished name of CN=John Smith,OU=Boston,DC=BigCompany,DC=Com.
·         Group policy parses the Distinguished Name, and attempts to locate policies that apply to users at each "stage" of the name. The search is performed from left to right (e.g. the Boston OU is searched first, then the domain root of BigCompany). Finally, the Active Directory Site of the user is evaluated for user policies.
·         Based on the effective permissions of the user, Group Policy determines which of these policy objects (if any) should apply to the user.
·         Policies are then applied in a last in, first out (LIFO) series. So, any policies that applied at the site level are applied first, then the domain, and finally at the OU containing the user. If multiple policies were defined at the OU or domain level, the policy with the highest precedence is added to the list first (so it will be processed last, and overwrite earlier policies).

Up to this point, policy processing is exactly as normal. However, once 'normal' processing has completed, a second iteration begins:

·         As before, Group Policy evaluates the Distinguished Name, except this time it is the Distinguished Name of the Computer, rather than the User. For our example, let's say that the computer is in the Headquarters OU under the BigCompany root. The Distinguished Name is OU=Headquarters,DC=BigCompany,DC=Com.
·         The same processing rules apply as before: Group Policy evaluates policies at each level of the Distinguished Name, adding policies to the stack of policies to apply. The difference is that Group Policy is now searching for User policies that are defined in the computer's organization structure.
·         This second set of policies is applied (again, Last In, First Out), with any policy setting conflicts being "won" by the last policy to apply the setting. So, if more restrictive settings are defined for users in a policy object linked to the Headquarters OU, those settings will apply to the user when logging onto a machine with Merge mode applied.

Typically, Merge mode is defined on Terminal Servers in an environment. The reason for this is that Administrators typically want to enforce a specific set of desktop and security settings, to help minimize potential variables that lead to unpredictable behavior on the Terminal Server. By enabling Merge mode, and defining all potential problem policy settings, the Administrator can enforce a consistent user experience.

    * Replace Mode: Replace mode is actually simpler to explain than Merge mode:
·         In Replace mode, the user's Distinguished Name is not evaluated for Group Policy processing. Instead, we rely entirely on the Distinguished Name of the machine the user is logging onto.
·         Again using the previous example, the Distinguished Name OU=Headquarters,DC=BigCompany,DC=Com would be evaluated for User Policies, with any policies that the user has permissions to read and apply being enforced.
·         As before, the list of policies to apply is built from closest to farthest away (OU=Headquarters first, then DC=BigCompany, etc.). The list is then applied in reverse order, so that the OU settings have highest precedence.
·         The "normal policy set" for the user is ignored completely. Part of policy application is to delete the settings applied previously, so no (managed) settings will carry over to apply when Replace is defined, unless that setting was also defined in the User Settings applied during Replace mode.

Replace mode is useful for environments where specific policies are required regardless of the rights and settings of the user. Kiosk systems are a good example of this: an Administrator would typically have an unrestricted desktop experience, so if that user logs on to a kiosk machine, he or she would normally have a "wide open" desktop. This might be dangerous, so it may be useful to enable Replace mode to enforce a specific set of settings.
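The processing order for both loopback modes, modelled as an added example (not part of the original post and not Windows' own code). The DNs are the ones used in the text; the GPO names, setting names and site name are constructed, and DN parsing is a plain comma split.

```python
# Constructed sample data: user-side settings of GPOs linked to each container.
LINKS = {
    "DC=BigCompany,DC=Com": [
        ("Domain Baseline", {"ScreenSaverTimeout": 900, "ControlPanel": "allowed"}),
    ],
    "OU=Boston,DC=BigCompany,DC=Com": [
        ("Boston Users", {"RunCommand": "allowed", "Wallpaper": "boston.bmp"}),
    ],
    "OU=Headquarters,DC=BigCompany,DC=Com": [
        ("HQ Lockdown", {"RunCommand": "blocked", "ControlPanel": "blocked"}),
    ],
}
USER_DN = "CN=John Smith,OU=Boston,DC=BigCompany,DC=Com"
COMPUTER_DN = "OU=Headquarters,DC=BigCompany,DC=Com"


def gpo_order(dn, site="Site:Default-Site"):
    """User-policy GPOs for a DN, in the order they are applied."""
    parts = dn.split(",")  # naive split: assumes no escaped commas in the DN
    # Search closest-first: each OU level, then the domain root, then the site.
    search = [",".join(parts[i:]) for i, p in enumerate(parts)
              if p.upper().startswith("OU=")]
    search.append(",".join(p for p in parts if p.upper().startswith("DC=")))
    search.append(site)
    # Apply in reverse (site, domain, OU) so the closest container wins.
    ordered = []
    for scope in reversed(search):
        ordered.extend(LINKS.get(scope, []))
    return ordered


def resultant(mode=None):
    """Return (GPO names in apply order, effective user settings) for a logon."""
    if mode == "replace":    # user's own DN is not evaluated at all
        gpos = gpo_order(COMPUTER_DN)
    elif mode == "merge":    # normal pass, then a second pass over the computer DN
        gpos = gpo_order(USER_DN) + gpo_order(COMPUTER_DN)
    else:                    # no loopback configured
        gpos = gpo_order(USER_DN)
    settings = {}
    for _name, user_settings in gpos:
        settings.update(user_settings)  # the last GPO to set a value wins
    return [name for name, _ in gpos], settings


if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        print(mode or "normal", *resultant(mode), sep="\n  ")
```

In Merge mode the user's own "Wallpaper" setting survives because no machine-side GPO defines it, while in Replace mode it is absent; settings that must never be inherited from the user's OU therefore have to be set explicitly in the machine-side GPOs when Merge is used.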

Sunday, September 12, 2010

XMPP becoming common standard for real-time chat applications

As Facebook Chat, Google Talk, Lotus Sametime, Jabber and others have come under the same real-time communication protocol, XMPP, other chat clients seem likely to focus on moving their platforms to XMPP as well. Google Talk and Jabber have already been recognized as less vulnerable than Yahoo Messenger and Windows Messenger, so the main strength of XMPP is its security.

The Extensible Messaging and Presence Protocol (XMPP) is an open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data. It is built on Extensible Markup Language (XML). Unlike most instant messaging protocols, XMPP uses an open systems approach of development and application, by which anyone may implement an XMPP service and interoperate with other organizations' implementations. The software implementation and many client applications are distributed as free and open source software.

The core technology behind XMPP was invented by Jeremie Miller in 1998, refined in the Jabber open-source community in 1999 and 2000, and formalized by the IETF in 2002 and 2003, resulting in publication of the XMPP RFCs in 2004.

The first IM service based on XMPP was Jabber.org, which has operated continuously since 1999 and has offered free accounts to users of XMPP. From 1999 until February 2006 the service used jabberd as its server software, at which time it migrated to ejabberd. In January 2010, the service plans to migrate to proprietary M-Link software produced by Isode Ltd.

In August 2005, Google introduced Google Talk, a combination VoIP and IM system which uses XMPP for its instant messaging function and as a base for its voice and file transfer signalling protocol. 

The social-networking giant Facebook opened up its chat feature to third-party applications via XMPP. The Facebook developers' site notes that Facebook Chat does not actually run an XMPP server internally, but merely presents an XMPP interface to clients; consequently, some server-side features like roster editing cannot be done via XMPP.

In addition to Google Talk, many other public IM services use XMPP, including LiveJournal's "LJ Talk" and Nokia's Ovi. Furthermore, several enterprise IM software products that do not natively use XMPP nevertheless include gateways to XMPP, including IBM Lotus Sametime and Microsoft Office Communications Server.

Although the core technology is stable, the XMPP community continues to define various XMPP extensions through an open standards process run by the XMPP Standards Foundation. There is also an active community of open-source and commercial developers, who produce a wide variety of XMPP-based software.

Thursday, September 9, 2010

Is there an effective way to merge two Facebook accounts?

Currently, Facebook does not provide an account-merging feature for its users. Facebook does not allow you to merge a duplicate account into your more active account.

However, you can try the workaround below to bring the two accounts together. Keeping only one Facebook account is very important, because maintaining multiple accounts is a violation of Facebook's Terms of Use.


  • Copy your profile content (e.g. photos, notes, etc.) and add it manually to your more active account. Unfortunately, there will be some things you cannot transfer, such as Friends and Wall posts. Once you have moved all information onto a single account, please deactivate your old account from the Settings tab of the Account page. Afterward, you can add email addresses and networks to your new account from the Account page.
  • You can use the 'Suggest Friend' option to bring the friends who are in your unwanted account over to your active account.