dvieth
asked on
Setting up Group Policies on a 2003 terminal server in a 2000 active directory domain
I am currently adding a 2003 Terminal Server to our 2000 domain. I need to implement group policies for users logging into the terminal server (but only on the terminal server, not their existing machines).
I have created a separate OU and moved the terminal server into it. I enabled loopback and set some generic policies up for testing (hide desktop, add logoff). After doing this I refreshed the 2000 policy using secedit. When users log in to the 2003 server (directly or over TS) the policies are not taking effect.
I tried moving a 2000 Professional workstation into the locked-down OU and that is working fine. Just not on the 2003 server. I tried building another 2003 server for testing and cannot get it to take the GP either. HELP!!!!!
I'm assuming you've used the same GPO to enable the loopback and to set the user restrictions? That doesn't work (for whatever reasons).
In your TS OU, use one GPO where you only enable the loopback processing, then create another GPO in which you define the user policies.
ASKER
Did that... thanks though.
ASKER
I don't have the same GPO for the loopback.
ASKER
I've created one GPO called "loopback" and enabled just that in that policy object. Then I created another for user restrictions called TSPolicy... I'm missing something here. HELP!!!!
Did you enable the No override option in the OU or policy that's above this policy?? Could you try to create a new OU, add the computer and user that you can test with and set both the policies on this OU. Then check if it works..
ASKER
I can't remember if I have block inheritance checked or not... I think I tried that but will double check. If I add the user to the locked-down OU it works fine. I will be there on Thursday and will check then. Thanks.
You should do a gpupdate on the 2003 machine to enforce the newly created GPO.. If you don't force it, it can take up to 2 hours before the changes take effect...