Group Policy Loopback Terminal Server
Posted on 2007-10-11
Please help!!!! Need to apply a GPO asap.
I have a user OU "data mgmt" which has a GPO to setup standard desktops that the users log on to. I also have a Terminal Server OU. My TS is located in that directory which has a GPO that needs to apply a very restrictive user settings GPO. So my users log into their desktop and have standard profile settings, but when they RDP to the Term Server, they use the same username and password. I need to make sure that the user settings on the TS GPO are applied. For example, one setting on the data mgmt policy is to allow the user to shut down, however on the terminal server, I do not want that.
I came across a setting on the TS OU GPO:
User Group Policy loopback processing mode
Computer Configuration/Administrative Templates/System/Group Policy
Here is the info in the policy information:
Applies alternate user settings when a user logs on to a computer affected by this setting.
This setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.
By default, the user's Group Policy objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy objects determine which set of Group Policy objects applies.
To use this setting, select one of the following modes from the Mode box:
-- "Replace" indicates that the user settings defined in the computer's Group Policy objects replace the user settings normally applied to the user.
-- "Merge" indicates that the user settings defined in the computer's Group Policy objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy objects take precedence over the user's normal settings.
If you disable this setting or do not configure it, the user's Group Policy objects determines which user settings apply.
Note: This setting is effective only when both the computer account and the user account are in Windows 2000 domains.
If you read the 'NOTE' shows it works on Win 2000 domains. However, I am using Windows 2003 domain and the user is also in the Win 2003 domain.