asked on

Windows 2000 Group Policy

I've applied a domain wide policy for a corporate wallpaper for all users. That works fine. However, I would like to deny this policy when users log in to the terminal services server. I've tried to add the TS computer to the security of the GPO and deny the apply group policy permission, but it doesn't work. If I deny my user the same permission and log on, it works, but for some reason it wont deny for the computer account. Is there something that I'm missing?

Thanks!

Fatal_Exception

To enable a GPO on a computer account, the Computer Object must be in the container which the GPO is being applied... or the GPO must be applied to the container where the computer resides..

FE

Fatal_Exception

So add the computer account and use the Deny permission.. this should work..

Battymo

ASKER

Tried your suggestion by creating an OU for the terminal services server computer and applying the GPO there, while denying the apply group policy permission for that computer. However, the same thing occurs, and the policy is still applied when I log into the terminal server.

Any thoughts?

Fatal_Exception

I am missing something here also... must be the afternoon doldrums creeping up on me.. Did you try creating a separate policy for that container that did not include the wallpaper, and try actually applying it to the computer account..?? Instead of Deny..??

ASKER CERTIFIED SOLUTION

oBdA

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Fatal_Exception

Thanks oBdA.. Just not thinking in TS mode today...!! Was hoping someone else would join in the fun here... :)

Battymo

ASKER

oBdA is the winner!! It works just as you said. Took me a while to find the Activate Loopback policy though. You are my hero, and now I can finally get back to slacking off! Thanks my friend!

Fatal_Exception

Yep.. King of TS..!! nicely done and am glad he stopped in...

FE