How to configure GPOS to only run when logging into remote desktop

Posted on 2009-05-13
Medium Priority
Last Modified: 2012-05-06
I know there is a setting for this but cannot recall what it is. I have several GPOS that I only want to execute for users logging into Remote Desktop, and not whenn they first login to their desktop. I am having a problem where some execute for users logging in on there 2000 or XP machines, and it is causing problems.
Question by:tamray_tech

Expert Comment

ID: 24380646
unless they're run manually, Group Policy applies on machine startup, *some* parts run on user logon, and otherwise GPO refreshes every 90 minutes with a 30 minute offset to ensure randomization of host synchronization if my memory serves me correctly..  what specifically are you having problems with and we might be able to off better assistance.

Author Comment

ID: 24380787
We run a Terminal Server environment. Almost all GPOs in Active Directory are geared with that in mind. In particular Usrlogon.cmd has a line in it that calls userlogn2.cmd (these only exist on the RD servers). Usrlogn2.cmd copies down all reg files from the users H: drive for IE, Office, and Outlook. That is fine, since the .cmd files only exist on each Terminal Server. The problem I am having is the GPO for our staff that governss folder redirection, etc, also has a logoff script named logoff.cmd. This script copies up current reg files to the users H: drive. This causes a problem when the user logs off of their desktop. They do not have anything configured on their PC, so empty,or misconfigured reg files are being copied up to their H: drive. when they login to RD the empty or misconfigured reg files are copied down, so they lose their email settings, etc...

LVL 57

Expert Comment

by:Mike Kline
ID: 24380816
What you could do is use loopback processing.  GP MVP Darren Mar-Elia has a good blog entry on that here:
The the policy would be linked at the OU where the TS servers aer and since loopback would be enabled it would affect the users logging on to the TS boxes but won't apply to their desktops.
LVL 18

Accepted Solution

Americom earned 2000 total points
ID: 24381404
If you want user configuration to apply when they logon to server via RDP(to servers or terminal servers), then the GPO needs to link to the OU with the serves and enable loopback processing as Mike suggested above. But you may not want to have the usrlogn2.cmd apply to all users, may be you don't want it to apply to certain group of users like administrators etc. If that's the case you may want to take a look at this link http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24170112.html
This thread shows you how loopback GPO being used with step-by-step example.

Expert Comment

ID: 24386065
It sounds like you're looking to only apply Usrlogn2.cmd (or any other terminal server specific scripts) when anyone logs in via terminal services only.  correct?  and if so, it seems like you just need to modify your scripts a bit...

are there any environemental changes between terminal service connections vs. normal logon?  like the profile path?  http://support.microsoft.com/kb/246132

If so, then your fix is relatively easy:  only apply your TS scripts in your TS environment.  ergo. add something to your script like:

If %home_directory% = myTerminalSvcHome Then
    call TS_Specific_cmd_files
// Run your normal logon script files.
end if

i can provide code if this is something you'd like to do... however i need to know some absolute difference between your TS environment and your normal logon environment that can be tested for with a script.  also.. what language?   vbs, autoit, kix, batch, perl?   ...that's all i can offer (and batch might be more of a pain than it's worth)

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question