donnatronious
asked on
About to give up...
Ok I have read many articles here and other places and still can't get this to work. Someone please try to explain in there words.
Trying to make separate group policy when logon to terminal server. I have one DC and a member server with TS in app mode. All win 2K. I have created OU called terminal servers. I have put the terminal server in that OU. I have added a GPO called "Loopback" and have set the loopback option under computer configuration. I have set the policy to "shut down the system" for only administrators.
When I log in as a normal domain user, I still have the option to shut down the system. What gives?
Trying to make separate group policy when logon to terminal server. I have one DC and a member server with TS in app mode. All win 2K. I have created OU called terminal servers. I have put the terminal server in that OU. I have added a GPO called "Loopback" and have set the loopback option under computer configuration. I have set the policy to "shut down the system" for only administrators.
When I log in as a normal domain user, I still have the option to shut down the system. What gives?
Well I dont think you need to create a policy to do this because by default only administrators & power user group has the right to shutdown the server .
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok cool it works. I also denied this towards administrators and that works to. Now, what is the best way too define a mandatory profile for users who login to this computer?
I was struggling with this in my spare time for some while. I discovered if a specific setting in the default domain GPO and the remote GPO in the terminal server OU were each configured, and differently, I could not get loopback to work. I removed the troublesome entries from the default policy, leaving the policy unconfigured in the default policy. Then the remote policy lookback worked. I added a GPO to the domain's list called "workstations" with the specific settings for the workstations. I'm taking this off my to-do list.