Group Policy for Terminal Server
Posted on 2007-11-16
I am having trouble apply a group policy to our terminal server.
The remote users policy applies perfect to the terminal server but I found I need another GPO to harden it further. Users outside of the remote user OU (users in the Arizona and California OU)can go into the control panel and have access to all the items there. I want to remove almost all items except things like printers/faxes;mail;scanners and cameras; etc
Now I created a GPO in the terminal Servers OU (maybe this is my mistake) removing those items from the control panel but the policy is not applying. GP Modeling is showing empty, but its not. I dont want the policy to apply to the users on their own machines, only when they log onto the TS which is why I created the GPO in the TS OU.
I am a member of the Arizona OU so if I have to create the GPO at the Business Users OU I dont want it to apply to me. I am a member of all admin groups if that helps.
The AD structure is like so
Business Users OU
Default Domain Policy
Arizona Users OU
California Users OU
Remote Users OU
Remote Users Policy
Terminal Servers OU
Remote Users Policy link