I have 2 servers at two different companies setup as terminal servers. they are both Windows Server 2003 Latest Service Packs and updates. and both 32bit. both seem to be showing the same symptoms so it might be somehting im missing on the configuration side.
i have recently setup loopback policies on these servers to overwrite their Client machine GPO with the terminal server policy on that machine as obviously i want much tighter permissions on the TS.
i have created an OU called Terminal Servers and have put the Terminal server computer into that OU. i have blocked inheritance for that OU.
in the Security filtering options it says "The settings in this GPO can only apply to the following groups, users and computers:"
i have then gone to the delegation tab selected advanced and set a deny permission for (archsupp\administrators) to stop the administrator account from having the loop back polcy apply to it. (also the users im using to test the servers are not members of the administrators group)
authenticated users has the Read and apply group policy permission set to allow as does Navisions$ (archsupp\navision$) (the name of the terminal server)
all other groups or names dont have anything ticked for apply or deny group policy i.e. system enterprise admin and so on.
Inside the Group Policy Object, Computer Configuration -> administrative templates -> system -> Group policy, the "User Group Policy loopback processing mode" is set to Enabled with Replace
i believe those are the only settings i have changes, are there any steps im missing? if not is there a good way to check group policy replication from the DC to the terminal server?