We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Group Policy for specific users on Terminal Server

zCitrixz
zCitrixz asked
on
Medium Priority
726 Views
Last Modified: 2010-04-13
Can someone please tell me how I would go about setting up a Group Policy Object in Active directory that would only affect the intended Terminal Server and specific users that connect to it.  I don't want the policy carrying over to every Win2K Pro machine the user logs into log into, which is where I am now with the config.

Thank you
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2007

Commented:
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Thanks ObdA!  I followed your instruction and everthing worked as it was supposed to.  One problem though.  In order to have this setup work, I had to move users to the Terminal Server OU I had made.  I would much prefer keeping them in the Users OU.  I creating a global security group with the users I wanted applied to the Terminal Server GPO and added the Group to the GPO with appropriate permissions.  This didn't work.  Is there a way to just have groups in the OU and not Users?

Thanks again
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
As said before, you do *not* need to move your users below the TS OU. Once the Loopback feature is activated, the specified GPOs will apply for *every* user logging on to a terminal session (unless prevented by security settings).
Make sure you use the "Loopback" GPO *only* to activate the Loopback; do not specify other policies in this GPO. Instead, create additional GPOs. Make sure as well that the security settings for the Loopback GPO are still at their default setting (Read/Apply for Authenticated Users).
Creating groups in an OU, putting users from another OU in those groups and then trying to apply GPOs to the "Group" OU will *not* work.

Group Policy Objects Applied to Organizational Units Containing Only Groups Are Not Applied to Members of Those Groups
http://support.microsoft.com/default.aspx?kbid=220822

Author

Commented:
It's all working great now!  oBdA - your original comment was bang on.  I revisted the configuration and had messed something up with the LoopBack policy.

Thanks oBdA.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.