Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 784
  • Last Modified:

Terminal Server OU Policy not working

I setup a new OU and moved my Terminal Server to it and created a group policy for the OU.  When i log in I don't see any of my policies being applied to my session.  Any ideas what I might be missing?  I enabled User Group Policy loopback processing mode also.
1 Solution
The TS needs a reboot after applying the Loopback policy before it will work.
Check here for details:

Loopback Processing of Group Policy

How to Apply Group Policy Objects to Terminal Services Servers

Locking Down Windows Server 2003 Terminal Server Sessions
Cláudio RodriguesFounder and CEOCommented:
Not only that. The right way to setup the group policy for TSs is:
1. Create the GP at the OU level where the TSs are (usually some OU called Terminal Servers).
2. REMOVE 'Authenticated Users' from the list of groups the GP applies to.
3. DENY the GP to apply to administrators.
4. ADD the group you want the GP applied (normally we create a group for that, usually named 'TSUsers').
5. ADD the terminal servers COMPUTER accounts to the list of groups.

Make sure for steps 4 and 5 you check 'Apply Group Policy'.
Also on the loopback settings set it to replace.

Hope this helps.

Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
emauchAuthor Commented:
I've made all the changes list above but it still isn't applying.  I found the following error in the event log:

Windows cannot access the file gpt.ini for GPO cn={SID}.....The file must be present at the location \\domain\sysvol\domain\policies\{SID}.  the system cannot find the path specified.  Group Policy processing aborted.

Any other ideas?
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Have you seen this article:
emauchAuthor Commented:
I think I'm getting closer.  I browse to \\domain\sysvol\domain and I don't see the policy from the terminal server but I do see it from the domain controllers.  Any further ideas.
emauchAuthor Commented:
I found we were experiencing replication issues so I manually copied the policy to the DC the Terminal Server was looking for the policy and that fixed the issue.
Cláudio RodriguesFounder and CEOCommented:
Well after you mentioned the error for GPT.INI the only possible solution was for sure at the Domain Controller level. :-)
I hope the steps I gave to you helped.


Cláudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now