Solved

GPOs on Windows 2008

Posted on 2009-07-14
3
229 Views
Last Modified: 2012-05-07
i have a GPO in a 2008 domain that is used to manage a Windows 2008 terminal server.  None the user settings work (inlcuding the ones that say 'Windows 2000 and later' and the ones that say 'Windows 2003 and XP'.)  Are the ones that say Windows 2003 supposed to work on Windows 2008?  How can I verify which policy settings are being applied?  Is there an RSOP for Windows 2008 - can't find it..
0
Comment
Question by:ENTPF
  • 2
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24851766

>> manage a Windows 2008 terminal server.  None the user settings work

Based on this, I'd deduce you have your GPO configured with the policy linked to the OU in which your terminal server resides. You have then attempted to set policies under the 'User Configuration' section, but they are not applying. Is that correct?

If so, that is actually by design. If you link a policy to an OU with Computer objects, ONLY the 'Computer Configuration' section applies. Likewise, on an OU with User objects, only the 'User' section of the policy applies to the user objects.

To combat this, you need to enable 'Loopback Processing' in the Terminal Server policy. This overrides the default behaviour and causes the User Config settings to apply to any user logging into that computer.

See http://support.microsoft.com/kb/231287 for more details on implementing this.

As for the scope of the policies, most policies will apply to 'Windows 2003 and later' or 'Windows XP and later'. hey will therefore also be compatible with Vista/2008 machines. Some policies are XP/Server 2003 specific, and this should be logged as 'XP Only' or 'Server 2003 only'.

RSOP on Server 2008 is certainly available; open a Run box (Windows Key + R) or Start > Run and enter rsop.msc.

-Matt
0
 

Author Comment

by:ENTPF
ID: 24852502
I actually had"loopback processing set".  and i was wrong, not all policies are being blocked, just most..
the policy "prohibit access to the control panel"  works just fine. it is supported on "at least windows 2000".  these do not work:  "remove run menu from start menu"  (supported on "at least windows 2000).
and "Remove access to use all Windows Update features" (supported on "at least windows 2000).
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24873925

Which mode did you have Loopback Processing set to? The modes can get a little confusing, but in most simple deployments, you will want 'Merge' mode.

-Matt
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now