
Terminal Server User with Group Policy vs. same user on laptop

Posted on 2009-07-01
Last Modified: 2013-12-04
Hi,

Little question: I have 2x 2008 servers, one AD and one TS. The TS server is server2 and is also a domain controller. I have some users who are external and have a portable laptop and also work via the terminal server. My users are all in a container where the GPO is applied to lock their desktop on the TS server and lock their start menu and redirect it.

The problem is that when these users log on to their laptop, their desktop there is locked down also, and I want it to be locked down only when these users log on to the terminal server. How can I fix this, please?
Question by:PlusIT
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 24765916
Four things need to be done:
1. Enable user loopback processing on the computer
Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode

2. Link the lockdown GPOs with user settings to the OU containing the computer object of the terminal server instead of the OU with user objects. When loopback processing is enabled, user GPOs linked will also be applied in computer OUs. Conflicting settings that exist in both computer and user configuration will result as the setting in computer configuration (computer configuration has higher precedence than user configuration).

3. Make sure the users have a TS profile separate from their normal profile used on the client machines. This is either done on the "Terminal Services Profile" tab in Properties of each user account or through the following GPO setting.
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Set path for TS Roaming Profiles
-> Set the path to be the common folder containing the tsprofile folders.

4. To avoid the lockdown GPOs being applied to administrators, configure security filtering by editing the security on GPOs with lockdown settings and restrict which groups of users are allowed/denied the "Apply Group Policy" permission.
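The four steps of the accepted solution, scripted as an added example that is not part of the original thread or written by its participants. It assumes the GroupPolicy PowerShell module (GPMC/RSAT) is available; the GPO name, OU path, group name, profile share and the choice of Merge mode are all placeholder assumptions.

```powershell
# Added example: every name below is a hypothetical placeholder, not a value from the thread.
Import-Module GroupPolicy

$GpoName    = 'TS-User-Lockdown'                         # hypothetical GPO holding the lockdown user settings
$TsOu       = 'OU=Terminal Servers,DC=example,DC=local'  # hypothetical OU containing the TS computer object
$TsGroup    = 'TS-Lockdown-Users'                        # hypothetical group of users who should be locked down
$ProfileUnc = '\\fileserver.example.local\tsprofiles$'   # hypothetical share containing the TS profile folders

# Create the GPO only if it does not exist yet, so the script can be re-run.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName | Out-Null
}

# Step 1: user loopback processing, a computer-side setting evaluated by the terminal server.
# UserPolicyMode: 1 = Merge, 2 = Replace. Merge is an assumption; the thread does not pick a mode.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# Step 3: separate roaming profile path for terminal server sessions.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' `
    -ValueName 'WFProfilePath' -Type String -Value $ProfileUnc | Out-Null

# Step 2: link the GPO to the OU of the terminal server, not to the users' OU.
$linked = (Get-GPInheritance -Target $TsOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TsOu -LinkEnabled Yes | Out-Null
}

# Step 4: security filtering. Authenticated Users keep Read only (-Replace lowers the
# default Apply right), and only the lockdown group gets "Apply Group Policy".
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $TsGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Check the result: who can apply the GPO, and where it is linked.
Get-GPPermission -Name $GpoName -All | Select-Object Trustee, Permission
(Get-GPInheritance -Target $TsOu).GpoLinks | Select-Object DisplayName, Enabled, Order
```

In the question's setup the terminal server is also a domain controller, so its computer object normally sits in the Domain Controllers OU; a link there reaches every domain controller, which leaves the group filter from step 4 as the only thing scoping the lockdown. Running `gpresult /r` in a test user's session on the terminal server and again on the laptop shows whether the lockdown GPO is applied only on the server.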
 
LVL 10

Author Comment

by:PlusIT
ID: 24776784
Thx, I will try this ASAP and let you know if it worked.
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 24777763
Just clarifying that 1. needs to be done on the terminal server and not the clients.
It should have been "Enable user loopback processing on the terminal server"