Keep User Login Script from Running on Specific Computers

I have a printer script policy that applies to two users which reside in OU1.

We recently installed a terminal server that will host an application these users will use.  This terminal server is in OU2.  

However, whenever the users from OU1 log into the terminal server their login script executes and attempts to install their printers.  Short of using WMI filtering, how I can prevent this USER policy from executing on this particular server?  

Thanks!  
ColebertAsked:
Who is Participating?
 
KCTSConnect With a Mentor Commented:
If its a logon script then it applies to USERS and is executing because the user is in OU1. This is to be expected. You could use loopback to re-apply the Computer Policy
See http://support.microsoft.com/kb/260370
0
 
orizivCommented:
You can block policy inheritance on OU2 or move the terminal server to a simple container (non OU).
1. locate the OU on user and computers and open its properties
2. go to the "group policy" tab
3. check the block inheritence check box and apply

If you have policies you want to run you can simply copy them to the blocked OU.
0
 
ColebertAuthor Commented:
i forgot to mention:  I have inheritances blocked on the OU2.  

However, RSoP logging reports these users will still receive the login script.  I also made sure that the printer script policy is not enforced, just linked.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ColebertAuthor Commented:
btw, we are dealing with a 100% server 2003 environment.
0
 
orizivCommented:
Delete the policy object's link itself from OU2:
Just open the OU properties at the group policy tab and delete the object.
When prompt, choose to delete only the link not the whole object.
0
 
ColebertAuthor Commented:
there is no link or anything for the printer script policy in OU2.  
0
 
orizivCommented:
In that case, the script isn't defined on the server's GP.
check the user's profile, do they have a log-in script?
0
 
ColebertAuthor Commented:
ok

OU1: Users & Their Computers
OU2: The Terminal Server

GP1: The Group policy w/ the Printer Script; User Side only

There are no login scripts defined everywhere else, and I am 100% certain the GP is what is causing the script to execute on the server (RSoP confirms.)  I am also certain OU2 has inheritance blocking.  But yet the script continues to run.
0
 
orizivCommented:
It doesn't make sense to me.
Try to delete the GP object and re-create it on OU1 (not on the root container)
0
 
zoofanCommented:
I might suggest setting the security policy of the GPO itself,  under delegation advanced, add the computer account for the TS and select "deny" apply for that server.  As this could be a result of user config/computer config disable/enable.  But denying the appy to the server should prevent it from being applied regardless of who logs in.

zf
0
 
zoofanCommented:
My suggestion was with the understanding that the only thing that specific GPO does is the printer script.

zf
0
 
ColebertAuthor Commented:
exactly KCTS!  

 I'm not surprised this is happening.  I'm trying to carve out an except to keep this script from running on that server.

i just created and linked a GPO into OU2 that enables loopback policy (replace mode.)  logged into the server with the user and now no more script!    w00t.

thanks!
0
 
zoofanCommented:
You might also consider forceing the GPO update as I didnt see that mentioned anywhere above and without dooing that after each change, Im not sure if this is required for an accurate RSOP or not but...

gpupdate /Target:User /Force /Wait:-1
gpupdate /Target:Computer /Force /Wait:-1

/Target sets which configuration /force forces the update regardless of interval and /Wait:-1 means wait until its done applying(no limit)


zf
0
 
ColebertAuthor Commented:
zoofan, i tried that before and it didn't work.  thanks though!
0
 
zoofanCommented:
cheers,  glad to hear you got working.

zf
0
All Courses

From novice to tech pro — start learning today.