Solved

GPOs on Windows 2008

Posted on 2009-07-14
3
231 Views
Last Modified: 2012-05-07
i have a GPO in a 2008 domain that is used to manage a Windows 2008 terminal server.  None the user settings work (inlcuding the ones that say 'Windows 2000 and later' and the ones that say 'Windows 2003 and XP'.)  Are the ones that say Windows 2003 supposed to work on Windows 2008?  How can I verify which policy settings are being applied?  Is there an RSOP for Windows 2008 - can't find it..
0
Comment
Question by:ENTPF
  • 2
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24851766

>> manage a Windows 2008 terminal server.  None the user settings work

Based on this, I'd deduce you have your GPO configured with the policy linked to the OU in which your terminal server resides. You have then attempted to set policies under the 'User Configuration' section, but they are not applying. Is that correct?

If so, that is actually by design. If you link a policy to an OU with Computer objects, ONLY the 'Computer Configuration' section applies. Likewise, on an OU with User objects, only the 'User' section of the policy applies to the user objects.

To combat this, you need to enable 'Loopback Processing' in the Terminal Server policy. This overrides the default behaviour and causes the User Config settings to apply to any user logging into that computer.

See http://support.microsoft.com/kb/231287 for more details on implementing this.

As for the scope of the policies, most policies will apply to 'Windows 2003 and later' or 'Windows XP and later'. hey will therefore also be compatible with Vista/2008 machines. Some policies are XP/Server 2003 specific, and this should be logged as 'XP Only' or 'Server 2003 only'.

RSOP on Server 2008 is certainly available; open a Run box (Windows Key + R) or Start > Run and enter rsop.msc.

-Matt
0
 

Author Comment

by:ENTPF
ID: 24852502
I actually had"loopback processing set".  and i was wrong, not all policies are being blocked, just most..
the policy "prohibit access to the control panel"  works just fine. it is supported on "at least windows 2000".  these do not work:  "remove run menu from start menu"  (supported on "at least windows 2000).
and "Remove access to use all Windows Update features" (supported on "at least windows 2000).
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24873925

Which mode did you have Loopback Processing set to? The modes can get a little confusing, but in most simple deployments, you will want 'Merge' mode.

-Matt
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question