Group Policy for Terminal Servers

Posted on 2006-05-17
Last Modified: 2010-04-18
I'm migrating my NT4 domain over to an Active Directory system.  However I'm having a problem setting up a Group Policy.  It relates to Terminal Server.

I have an OU with just the Terminal Servers in it.  Win2k Standard Server.  No users.  I have a separate OU with the users in that.  The users sometimes log into the Terminal Server, sometimes into a PC.  When they log into the TS, I need a more restrictive policy to take effect.  All of the settings are only User based Policies, no computer based.

The rule I have works, but only if I apply it to Authenticated Users.  If I apply it to the group instead, it doesn't work.  I've tried loopback, but that didn't help.  I may not have done that right, I'm not sure.

Any guidance would be greatly appreciated.  This is my last obstacle to moving to AD for Win2k3.

Question by:NDnickb

    Accepted Solution

    You need to apply loopback to a GP object

    Also you need to reboot the TS server once you apply loopback

    What loopback does is it lets you make changes to the USERS section, and have it apply only to the users when they log in to the terminal server. Loopback will prevent the settings from being applied to the users when logged into their workstations.

    This write up works, I used it a while back;en-us;260370

    Author Comment

    Ok, I think I've narrowed down my issues.  First problem was "who" the GPO was being applied to.  I was using the Group Policy Management tool and couldn't get it to work with anyone but "Authenticated Users".  But by going through Users and Computers, I've been able to set it so the right person has read/apply settings, and the admins don't.

    But that brings me to my next problem.  I can get the policy to work if I select a single person.  But if I apply it to a group, it doesn't.  What's really strange, is that if I log in as that user and have the rule only applied to the group, run GPResult, it doesn't show that the user is even in the Security Group.  What would cause that?  Any ideas?

    Author Comment

    I've just done some more testing.  First off, the group is a Global Group, not domain local.  If I apply it to that group, it still doesn't work.  But at least now the test user shows up as being in that group when I run a GPResult.  The GPO still doesn't work though when I apply it only to that group.

    But if I remove that group and put in "Authenticated Users", then do a "deny" apply to Domain Admins and Enterprise Admins, it works.  Not the way it "should", but it gets the job done.

    Any thoughts or can anyone fill me in on why it isn't working with my Security Group?

    Author Comment

    If anyone is interested, I've got it working.  What I needed was to add the computer account to the Global Security group.  Then it works.
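
The fix reported in the last comment, worked through as an added example (not code from the thread or from Microsoft): a simplified Python model of security filtering on a loopback GPO linked to the Terminal Server OU. It assumes the loopback setting and the user restrictions live in the same GPO; the account, group and setting names are constructed.

```python
from dataclasses import dataclass

AUTH_USERS = "Authenticated Users"  # well-known group; computer accounts are members too

@dataclass(frozen=True)
class Principal:                    # a user or computer account (names below are constructed)
    name: str
    groups: frozenset = frozenset()

    def sids(self):
        return {self.name, AUTH_USERS} | self.groups

@dataclass(frozen=True)
class Gpo:
    name: str
    allow_apply: frozenset          # trustees granted Read + Apply Group Policy
    deny_apply: frozenset = frozenset()
    enables_loopback: bool = False  # loopback is a computer-side setting
    user_settings: tuple = ()

    def applies_to(self, principal):
        sids = principal.sids()
        if sids & self.deny_apply:  # an explicit deny beats any allow
            return False
        return bool(sids & self.allow_apply)

def user_settings_on(computer, user, computer_ou_gpos):
    """User-side settings a user receives from GPOs linked to the computer's OU."""
    # Computer policy: loopback is enabled only if the computer account passes the filter
    loopback = any(g.enables_loopback and g.applies_to(computer) for g in computer_ou_gpos)
    if not loopback:
        return []                   # user lives in another OU, so these GPOs stay out of scope
    # User policy under loopback: the user must pass the same filter
    return [s for g in computer_ou_gpos if g.applies_to(user) for s in g.user_settings]

# Constructed sample accounts and GPOs mirroring the thread
GROUP = "TS-Restricted"
user = Principal("tsuser1", frozenset({GROUP}))
admin = Principal("admin1", frozenset({"Domain Admins"}))
ts_plain = Principal("TS01$")
ts_in_group = Principal("TS01$", frozenset({GROUP}))
LOCKDOWN = ("Remove Run menu",)
gpo_group = Gpo("TS lockdown", frozenset({GROUP}), enables_loopback=True, user_settings=LOCKDOWN)
gpo_auth = Gpo("TS lockdown", frozenset({AUTH_USERS}),
               frozenset({"Domain Admins", "Enterprise Admins"}), True, LOCKDOWN)

if __name__ == "__main__":
    print("group only, computer not a member:", user_settings_on(ts_plain, user, [gpo_group]))
    print("group only, computer added:       ", user_settings_on(ts_in_group, user, [gpo_group]))
    print("Authenticated Users, admins denied:", user_settings_on(ts_plain, user, [gpo_auth]),
          user_settings_on(ts_plain, admin, [gpo_auth]))
```

In this model the "Authenticated Users" filter works because the Terminal Server's own computer account is a member of it, while a group that holds only users leaves the computer unable to apply the loopback setting.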
