• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

Terminal Server USer with Group policy vs. same user on laptop

Hi,

Little question i have 2x 2008 server one AD and one TS.  The TS server is server2 and is also domain controller.  I have some users who are external and have a portable laptop and also work via the terminal server.  My users are all in a container where the GPO is applied to lock their desktop on the TS server and lock their start menu and redirect is.

PRoblem is when these users log on to their laptop their dekstop their is locked down also and i want it only to be locked down when this users logs on to the terminal server.  How can i fix this please?
0
PlusIT
Asked:
PlusIT
  • 2
1 Solution
 
Henrik JohanssonSystems engineerCommented:
Four things nead to be done:
1. Enable user loopback processing on the computer
Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy lopoback processing mode

2. Link the lockdown GPOs with user settings to the OU containing computer object of terminal server instead of the OU with user objects. When loopback processing is enabled, user GPOs linked will also be applied in computer OUs. Conflicting settings that exist in both computer and user configuration will result as the setting in computer configuration (computer configuration has higher precedence than user configuration).

3. Make sure the users has a TS profile separated from their normal profile used on the client machines. This is either done on "Terminal Services Profile"-tab in Properties of each user account or through the following GPO setting.
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Set path for TS Roaming Profiles
-> Set the path to be the common folder containing the tsprofile folders.

4. To avoid that the lockdown GPOs are applied to administrators, configure security filtering by editing the security on GPOs with lockdown settings and restrict what group of users are allowed/denied the "Apply Group Policy" permissions.
0
 
PlusITAuthor Commented:
thx i will try this asap and let you know if it worked
0
 
Henrik JohanssonSystems engineerCommented:
Just clarifying that 1. nead to be done on terminal server and not the clients.
It should had been "Enable user loopback processing on the terminal server"
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now