Solved

Terminal Server USer with Group policy vs. same user on laptop

Posted on 2009-07-01
4
365 Views
Last Modified: 2013-12-04
Hi,

Little question i have 2x 2008 server one AD and one TS.  The TS server is server2 and is also domain controller.  I have some users who are external and have a portable laptop and also work via the terminal server.  My users are all in a container where the GPO is applied to lock their desktop on the TS server and lock their start menu and redirect is.

PRoblem is when these users log on to their laptop their dekstop their is locked down also and i want it only to be locked down when this users logs on to the terminal server.  How can i fix this please?
0
Comment
Question by:PlusIT
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 125 total points
ID: 24765916
Four things nead to be done:
1. Enable user loopback processing on the computer
Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy lopoback processing mode

2. Link the lockdown GPOs with user settings to the OU containing computer object of terminal server instead of the OU with user objects. When loopback processing is enabled, user GPOs linked will also be applied in computer OUs. Conflicting settings that exist in both computer and user configuration will result as the setting in computer configuration (computer configuration has higher precedence than user configuration).

3. Make sure the users has a TS profile separated from their normal profile used on the client machines. This is either done on "Terminal Services Profile"-tab in Properties of each user account or through the following GPO setting.
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Set path for TS Roaming Profiles
-> Set the path to be the common folder containing the tsprofile folders.

4. To avoid that the lockdown GPOs are applied to administrators, configure security filtering by editing the security on GPOs with lockdown settings and restrict what group of users are allowed/denied the "Apply Group Policy" permissions.
0
 
LVL 10

Author Comment

by:PlusIT
ID: 24776784
thx i will try this asap and let you know if it worked
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 24777763
Just clarifying that 1. nead to be done on terminal server and not the clients.
It should had been "Enable user loopback processing on the terminal server"
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question