We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Windows 2000 Group Policy

Battymo
Battymo asked
on
Medium Priority
415 Views
Last Modified: 2010-04-13
I've applied a domain wide policy for a corporate wallpaper for all users.  That works fine.  However, I would like to deny this policy when users log in to the terminal services server.  I've tried to add the TS computer to the security of the GPO and deny the apply group policy permission, but it doesn't work.  If I deny my user the same permission and log on, it works, but for some reason it wont deny for the computer account.  Is there something that I'm missing?

Thanks!
Comment
Watch Question

Fatal_ExceptionSystems Engineer
Top Expert 2005

Commented:
To enable a GPO on a computer account, the Computer Object must be in the container which the GPO is being applied...  or the GPO must be applied to the container where the computer resides..

FE
Fatal_ExceptionSystems Engineer
Top Expert 2005

Commented:
So add the computer account and use the Deny permission..  this should work..

Author

Commented:
Tried your suggestion by creating an OU for the terminal services server computer and applying  the GPO there, while denying the apply group policy permission for that computer.  However, the same thing occurs, and the policy is still applied when I log into the terminal server.

Any thoughts?
Fatal_ExceptionSystems Engineer
Top Expert 2005

Commented:
I am missing something here also... must be the afternoon doldrums creeping up on me..  Did you try creating a separate policy for that container that did not include the wallpaper, and try actually applying it to the computer account..??  Instead of Deny..??
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Fatal_ExceptionSystems Engineer
Top Expert 2005

Commented:
Thanks oBdA..  Just not thinking in TS mode today...!!  Was hoping someone else would join in the fun here...  :)

Author

Commented:
oBdA is the winner!!  It works just as you said.  Took me a while to find the Activate Loopback policy though.  You are my hero, and now I can finally get back to slacking off!  Thanks my friend!
Fatal_ExceptionSystems Engineer
Top Expert 2005

Commented:
Yep..  King of TS..!!   nicely done and am glad he stopped in...

FE
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.