[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Terminal Server Group Policy

Posted on 2007-03-26
2
Medium Priority
?
479 Views
Last Modified: 2013-11-21
I have an enviroment where we are running a couple of Terminal Servers as well as a bunch of PC's.  I want to create a locked down Group Policy object that will only apply to user when they are logged onto the Terminal Server.  I have an OU with only my Terminal Servers in it, and I have s Separate OU with all of my users.  I have two issues right now. Currently the policy is applying on the User's PC which we cannot have.  The only other thing that I can think of doign is enable Loop Back Policy, but I don't the administrative users to have any policy applied.  What other options do I have here.
0
Comment
Question by:rshooper76
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Expert Comment

by:b0fh
ID: 18794579
The answer is to use multiple policies; Use a policy on the Users' OU (to be applied anywhere the users in the OU  login) and a separate policy for the TS machines (for anyone logging into a Terminal Server in that OU).  

Did you run a gpupdate after applying the policies?  Did you reboot the Terminal Server(s)?  The policy must be "read" to be used.  It sounds as if your user policy has been read already, but might have been applied improperly.

It sounds as if you're halfway there, but may have just mixed up your policies.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 18802742
There is no other option than using the Loopback processing.
To prevent the loopback policies from applying to admin accounts, you can use security group filtering. Create one GPO enabling the Loopback processing, leave the default security settings. Create a different GPO for the user settings, create a security group, remove the default "Authenticated Users" from the Read and Apply permissions to this GPO (or from the Security Filtering list if using GPMC), and add this security group instead. Add all user accounts to which the policies should be applied to the group.

Loopback processing of Group Policy
http://support.microsoft.com/?kbid=231287
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question