zabac

Group Policy Applied Only to Terminal Server Logins

I know that I can set the default file locations for Office 2003 programs using group policy.  Is there any way to have this group policy applied to the users only if they log in to a Windows 2003 terminal server or a Citrix session but not when the same user signs into their desktop?
nprignano,

As per the loopback processing link, you place the Citrix/Terminal servers in their own OU, then you apply the GPO to that OU.  Loopback processing would still be needed since the GPO default file location setting in the Office 2003 is a user configuration and thus wouldn't apply to an OU that contains only computers.

You could place the users in that same OU, but then that could break other GPOs and possibly other things.  The user wants different policies for desktops and terminal servers and since this is a user setting, loopback is really the only way to do this.  This is exactly what loopback was designed to do: allow for different user configurations based on the computer they log on to.
If you apply the GPO to authenticated users on that OU, then any user logging into a server in that OU will receive that GPO.  So, we set both computer config settings and user config settings on the same GPO.  Users are in a separate OU in the Users container, Desktop PCs are in a separate OU in the Computer container (with their own GPO).

We do not use loopback processing, so your statement of "The user wants different policies for desktops and terminal servers and since this is a user setting, loopback is really the only way to do this" is not correct.

Loopback may be the way intended by Microsoft, but it's not the only way.
Are you sure you don't have loopback turned on?  Or are you applying the GPO to the OU above the users/computers OU?

If you define both user and computer settings in a GPO and you apply that to a GPO that only contains computers, the user settings will not apply.  The only caveat to that is if you use loopback processing, or the users are in a subOU of the OU where you placed the policy (via GPO inheritance).  I suspect you are doing one of the above.

ah, yes, inheritance.  you got me.  but still no loopback :)
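
The cases argued over in the comments above (no loopback, loopback merge, loopback replace, and a user account sitting under the OU where the GPO is linked), as an added example that is not part of the original thread. It is a simplified Python model, not Windows' own algorithm: OU names, GPO names and setting values are constructed, and security filtering, WMI filters, Enforced and Block Inheritance are ignored.

```python
# Added example: simplified model of which GPOs supply *user* settings at logon.
# Assumptions: OU and GPO names are constructed; security filtering, WMI filters,
# Enforced and Block Inheritance are ignored.

LINKS = {  # OU path -> GPOs linked there (constructed sample data)
    ("corp", "Staff"): ["Desktop-Office"],
    ("corp", "TerminalServers"): ["TS-Office"],
}
USER_CFG = {  # user-configuration half of each GPO
    "Desktop-Office": {"default_file_location": r"C:\Docs", "screensaver": "on"},
    "TS-Office": {"default_file_location": r"H:\TS"},
}

def gpos_for(ou_path):
    """GPOs linked along the OU path, root first, so the closest OU wins."""
    found = []
    for depth in range(1, len(ou_path) + 1):
        found.extend(LINKS.get(tuple(ou_path[:depth]), []))
    return found

def user_settings(user_ou, computer_ou, loopback=None):
    """Effective user settings; loopback is None, "merge" or "replace"."""
    if loopback is None:
        order = gpos_for(user_ou)                  # computer's OU is irrelevant
    elif loopback == "merge":
        order = gpos_for(user_ou) + gpos_for(computer_ou)  # computer's list wins
    elif loopback == "replace":
        order = gpos_for(computer_ou)              # user's own GPOs are skipped
    else:
        raise ValueError(f"unknown loopback mode: {loopback!r}")
    effective = {}
    for gpo in order:
        effective.update(USER_CFG.get(gpo, {}))
    return effective

def scenarios():
    staff, ts = ("corp", "Staff"), ("corp", "TerminalServers")
    return {
        "no_loopback": user_settings(staff, ts),
        "merge": user_settings(staff, ts, "merge"),
        "replace": user_settings(staff, ts, "replace"),
        # user account moved under the OU where TS-Office is linked: inheritance
        "user_in_ts_ou": user_settings(ts + ("Users",), ts),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14} {result}")
```
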
zabac

ASKER

I have created a terminal servers OU.  I have moved my terminal (Citrix) servers into this OU.  I have created a GPO with loopback replace computer settings and with the Office 2003 user settings and applied the GPO to the terminal servers OU.  This does not work.  However, when I move a user account into the terminal servers OU it works for that user.  What am I doing wrong?  Does this mean that the OU where the user account was originally has GPOs that are overriding the loopback GPO?  How can I tell if this is happening?
from a command prompt as the user, type gpresult and hit enter.

this will tell you which GPO was applied.
A few days have passed here, so I'm not sure it is working.  But normally after you apply that GPO, you need to do a reboot or a gpupdate /force for the settings to apply to the Terminal servers.  It sounds like you are doing things right.

this might help:
http://technet2.microsoft.com/WindowsServer/en/library/5bc451ca-3b65-4b7c-9f09-fc528e52007b1033.mspx?mfr=true
http://support.microsoft.com/kb/250842
I am still interested in finding out if zabac got this working.
Hopefully the question author will receive notification of my "ping" above and respond accordingly. There will be at least 8 days from now before the question can be closed - the ping expires in 4 days and then I post a cleanup recommendation which takes at least 4 days before an action is taken by the moderators.

I notice in the author's profile that other questions have been PAQ'ed, in which case they may have just legitimately forgotten about this question.

tigermatt
Experts-Exchange Cleanup Volunteer
happens to the best of us :)
Forced accept.

Computer101
EE Admin