• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 198
  • Last Modified:

Does Windows 2000 DC group policy work on Windows server 2003 terminal server

I hope you can help

I have a windows 2000 server DC and 2 windows 2003 servers configured as terminal server.

I have done the following to try to apply a group policy to the 2 windows 2003 servers

To create a new OU for the Terminal Services servers, follow these steps:
On the taskbar, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
Expand the left pane.
Click domainname.xxx.
On the Action menu, click New, and then click Organizational Unit.
In the Name box, type a name for the Terminal Services server.
Click OK.

The new Terminal Services OU now appears in the list in the left pane and contains no default objects. The Terminal Services servers reside in either the Computers OU or the Domain Controllers OU.
Locate and click the Terminal Services server or servers, click Action, and then click Move.
In the Move dialog box, click the new Terminal Services server or servers, and then click OK.
Click the new Terminal Services OU to verify that the move has successfully taken place.

To create a Terminal Services Group Policy object, follow these steps:
Click the new Terminal Services OU.
On the Action menu, click Properties.
Click the Group Policy tab.
Click New to create the New Group Policy object.
Click Edit to modify the group policy.

When modifications are completed, close the Group Policy editor, and then click Close to close OU Properties.

I have also ticked the NO over ride option for the policy with no luck.

However, The group policy that I have created are not taking effect.

Does Windows 2000 DC group policy work on Windows server 2003? and How can I get this working?

Thanks

James
0
intouchsystems
Asked:
intouchsystems
  • 2
1 Solution
 
harleyjdCommented:
What options are you using from the Group Policy?

I suspect you're locking down the UI - All User Configuration stuff. As the users are not in the OU with the terminal server you need to enable loopback processing on the GP to have it apply to users in a different container.

How to Apply Group Policy Objects to Terminal Services Servers - http://support.microsoft.com/default.aspx?scid=kb;en-us;260370&sd=tech
Loopback Processing of Group Policy - http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287
Locking Down Windows Server 2003 Terminal Server Sessions - http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en

The other thing to consider is refresh interval - by default on non-dc servers and all workstations the refresh is 90 minutes +/- 30 minutes, so potentially it could take 2 hours before your policy is applied. On the 2k server policy is refreshed by typing "secedit /refreshpolicy machine_policy /enforce" and "secedit /refreshpolicy user_policy /enforce" at a command prompt. To refresh on the w2k3 server type "gpupdate /force"
0
 
intouchsystemsAuthor Commented:
Thanks

the loopback process worked.

Cheers
0
 
harleyjdCommented:
So only a "b"? :)

0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now