I am trying to implement a GPO that will only affect users in the remote operators group who are connected to our terminal server. This way I can really screw down security and the desktop but still allow the administrator full access with no restrictions.
Here is what I have done so far.
* in AD I've created a Terminal Server OU and moved the terminal server into it.
* I've created a GPO called Terminal Server Policy and enabled loopback processing.
* I added remote operators to the GPO's security filtering.
* I setup all the various things in the GPO I'd like to see effect these remote users.
When I log in as a remote user, however, none of the settings have been applied.
I check gpresult and it doesn't even show the GPO as being applied.
What am I overlooking?