1
00:00:03,070 --> 00:00:09,220
So the other category of systems that I mentioned that benefit from loopback processing are these so

2
00:00:09,220 --> 00:00:16,420
called remote desktop servers, terminal servers, Citrix servers and VDI or virtual desktop infrastructure

3
00:00:16,420 --> 00:00:17,140
deployments.

4
00:00:18,080 --> 00:00:23,630
And where these are different from, you know, a typical desktop or a typical user scenario is that,

5
00:00:23,630 --> 00:00:29,870
for example, an RDS server might allow multiple users to log in and run applications on that server.

6
00:00:29,870 --> 00:00:35,480
And so the users are all sharing a single OS and essentially have to play nice and have to do behaviors

7
00:00:35,480 --> 00:00:38,510
that don't impact the resources against other users.

8
00:00:39,420 --> 00:00:42,360
And so they need to be limited in terms of what they can do.

9
00:00:42,360 --> 00:00:45,900
And that's where group policy and loopback processing can come in.

10
00:00:46,860 --> 00:00:53,280
So in that scenario you have loopback enabled on the RDC server or servers and the user logs in and

11
00:00:53,280 --> 00:00:56,980
gets a different experience from their normal desktop when they log in.

12
00:00:57,910 --> 00:01:04,600
Now VDI machines are a little bit different because a VDI desktop is really just like a physical desktop,

13
00:01:04,600 --> 00:01:08,290
except it just happens to be running in a virtual machine environment.

14
00:01:09,290 --> 00:01:12,410
So there's typically only one user per machine.

15
00:01:13,350 --> 00:01:20,130
But it also benefits from group policy limiting that user activity because in a lot of VDI implementations

16
00:01:20,130 --> 00:01:22,740
you get so-called non-persistent desktops.

17
00:01:23,730 --> 00:01:29,520
And what those are are desktops where the users, the desktop is actually spun up when the user logs

18
00:01:29,520 --> 00:01:31,830
on and discarded when the user logs off.

19
00:01:32,830 --> 00:01:39,340
So you don't want the user to be able to, for example, save any user data persistently to that desktop

20
00:01:39,610 --> 00:01:43,660
because it'll just be deleted when that machine when they log off that machine.

21
00:01:44,630 --> 00:01:47,150
So group policy can help here as well.

22
00:01:48,140 --> 00:01:51,290
Some of the settings that you can use for these shared systems:

23
00:01:51,440 --> 00:01:54,770
From a computer perspective, the turn off the system

24
00:01:54,770 --> 00:01:57,650
restore, Turn off System Restore policy.

25
00:01:58,600 --> 00:02:02,500
What that does for you is it gives you, especially on VDI systems,

26
00:02:02,530 --> 00:02:08,410
it prevents activities like System Restore, which really don't have any meaning in a VDI environment

27
00:02:08,590 --> 00:02:12,070
and certainly not in a non-persistent VDI environment.

28
00:02:13,010 --> 00:02:15,230
Don't have any meaning to those systems.

29
00:02:15,350 --> 00:02:17,630
So you can turn off some of those features.

30
00:02:18,600 --> 00:02:20,850
You can disallow offline files.

31
00:02:21,830 --> 00:02:27,980
So what that does is, let's say you've got users with folder redirection, their redirected folders are not

32
00:02:27,980 --> 00:02:30,500
automatically cached on that shared system.

33
00:02:31,430 --> 00:02:37,040
So it might be an RDS server or it might be a VDI server, but you don't want the user's data to be

34
00:02:37,040 --> 00:02:43,160
cached there because over time with lots and lots of users connecting or with those non-persistent desktops

35
00:02:43,160 --> 00:02:47,180
in the VDI world going away, it doesn't make sense to cache files.

36
00:02:48,190 --> 00:02:53,230
So this allows you to turn off that feature when the user is on one of these shared systems.

37
00:02:54,160 --> 00:02:59,700
And then there's a whole slew of options under the Remote Desktop Services admin templates settings

38
00:02:59,710 --> 00:03:05,500
under Remote Desktop Session Host that lets you tweak and configure the remote desktop session as it's

39
00:03:05,500 --> 00:03:07,660
hosted by either an RDS server,

40
00:03:08,610 --> 00:03:14,940
or if you're using VDI with the Microsoft technology stack and you're using RDC to connect to a VDI

41
00:03:14,940 --> 00:03:17,730
instance, then these settings hold as well for that.

42
00:03:18,740 --> 00:03:21,920
So there's a whole bunch of settings to look at there.

43
00:03:22,940 --> 00:03:29,480
I would also recommend using either GP preferences or security settings system services to turn off

44
00:03:29,480 --> 00:03:35,090
Windows services that are not needed in these environments, and especially in VDI environments,

45
00:03:35,120 --> 00:03:36,830
I think this can come in handy.

46
00:03:37,800 --> 00:03:43,350
So in addition, you've got some user policy settings that are useful in these shared system environments

47
00:03:43,530 --> 00:03:48,990
and kind of related to the offline files are the Microsoft Outlook settings for turning off Exchange

48
00:03:48,990 --> 00:03:49,800
cached mode.

49
00:03:50,800 --> 00:03:57,580
So again, just like offline files, you don't want a user logging into an RDC server or a VDI instance

50
00:03:57,580 --> 00:04:00,460
and having their entire Outlook inbox cached there.

51
00:04:01,410 --> 00:04:05,340
It'll take up disk space if multiple users are doing it over time

52
00:04:05,340 --> 00:04:11,280
in the case of an RDS server, or in the case of a VDI server, it may just get deleted when the user

53
00:04:11,280 --> 00:04:13,350
logs off, so there's no value in it.

54
00:04:14,340 --> 00:04:17,310
So I like to turn off using this policy.

55
00:04:18,260 --> 00:04:23,480
Now notice that this policy is listed as a Microsoft Outlook TSX.

56
00:04:24,470 --> 00:04:30,430
I left the version number open there because this is available in multiple versions of Outlook and Office.

57
00:04:31,410 --> 00:04:37,320
But this does require the separate ADMX files from Microsoft Office that are available on the Microsoft

58
00:04:37,320 --> 00:04:43,320
download site so you can get Office admin template files and add them to your GPOs as I described in

59
00:04:43,320 --> 00:04:47,040
an earlier module in order to get access to these Outlook settings.

60
00:04:48,020 --> 00:04:52,370
Another one that I like is personalizing and forcing the specific screensaver.

61
00:04:52,520 --> 00:04:57,650
So you don't want to let the user choose one of the 3D screensavers that ends up chewing up a bunch

62
00:04:57,650 --> 00:05:02,960
of CPU cycles on a shared machine or on a VDI instance on a shared infrastructure.

63
00:05:03,910 --> 00:05:06,190
You want to force like a blank screensaver.

64
00:05:06,220 --> 00:05:12,040
And so using this policy allows you to do that, allows you to get basically force the user to use a

65
00:05:12,040 --> 00:05:16,180
specific screensaver that's not going to be impactful if it switches on.

66
00:05:17,140 --> 00:05:22,300
So that kind of covers the two different scenarios where loopback processing comes in handy.

67
00:05:23,250 --> 00:05:26,450
And now I'm going to summarize what we've learned in this module.

68
00:05:26,460 --> 00:05:31,800
And then in the next module, we're going to shift gears and go back to talking about how you can manage

69
00:05:31,800 --> 00:05:35,460
and take advantage of some of the management features in group policy.