scottejenkins

asked on

Terminal Server Group Policy

I want a strict policy to be applied to my 2003 Terminal Server, a member server in a 2003 AD.  I followed the directions on the following link:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;260370

No Joy!

My users are in OUs by location or role. If I add the GP to the user OU it works; however, this would impact their local computer as well, which is bad.

What am I missing here?

ASKER CERTIFIED SOLUTION
oBdA

This solution is only available to members.

scottejenkins

ASKER

Did all that, still not working.....
oBdA

Did you change the default permissions of the "Loopback" GPO as well? If so, change this one back to the default "Authenticated Users" (or add your terminal server accounts to the security group you allowed the GPO to load).

I am having the exact same issues here. From what I understand, loopback works based on the client machine. For the loopback policy to be active you must place all terminal server client machine accounts in the OU with that policy applied. This creates a huge problem for us since our thin clients are WYSE 3235 boxes running CE and are not "domain aware", so they cannot have computer accounts in Active Directory. So I can't place the policies on the users' OU because it will lock down their local computer as well, and I can't place the policy in loopback mode because my terminal server clients are not recognized by Active Directory. HELP!

I have it working fine now.

The loopback works on whatever OU you have it set on. If you follow the TID to the letter, both parts of it (step 2 is not optional), it will work. Make sure you do a GPUpdate after you set the new policy so it forces the server to get updated.

I have an OU just for Terminal servers only; nothing else is in this OU. I have users and computers in their own OUs based on location and department. The users have GPs that are on their OU and only affect the local computer account. However, when the user logs into the Terminal server, the Loopback Policy forces the GP in the Terminal Server OU to replace the policy in the user's context.

My issue on 3/1 was that the policy took 3 hours to push out and I was too tired to think of doing a GPUpdate.

Use this TID:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;260370