Solved

GPOs on Windows 2008

Posted on 2009-07-14
3
234 Views
Last Modified: 2012-05-07
i have a GPO in a 2008 domain that is used to manage a Windows 2008 terminal server.  None the user settings work (inlcuding the ones that say 'Windows 2000 and later' and the ones that say 'Windows 2003 and XP'.)  Are the ones that say Windows 2003 supposed to work on Windows 2008?  How can I verify which policy settings are being applied?  Is there an RSOP for Windows 2008 - can't find it..
0
Comment
Question by:ENTPF
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24851766

>> manage a Windows 2008 terminal server.  None the user settings work

Based on this, I'd deduce you have your GPO configured with the policy linked to the OU in which your terminal server resides. You have then attempted to set policies under the 'User Configuration' section, but they are not applying. Is that correct?

If so, that is actually by design. If you link a policy to an OU with Computer objects, ONLY the 'Computer Configuration' section applies. Likewise, on an OU with User objects, only the 'User' section of the policy applies to the user objects.

To combat this, you need to enable 'Loopback Processing' in the Terminal Server policy. This overrides the default behaviour and causes the User Config settings to apply to any user logging into that computer.

See http://support.microsoft.com/kb/231287 for more details on implementing this.

As for the scope of the policies, most policies will apply to 'Windows 2003 and later' or 'Windows XP and later'. hey will therefore also be compatible with Vista/2008 machines. Some policies are XP/Server 2003 specific, and this should be logged as 'XP Only' or 'Server 2003 only'.

RSOP on Server 2008 is certainly available; open a Run box (Windows Key + R) or Start > Run and enter rsop.msc.

-Matt
0
 

Author Comment

by:ENTPF
ID: 24852502
I actually had"loopback processing set".  and i was wrong, not all policies are being blocked, just most..
the policy "prohibit access to the control panel"  works just fine. it is supported on "at least windows 2000".  these do not work:  "remove run menu from start menu"  (supported on "at least windows 2000).
and "Remove access to use all Windows Update features" (supported on "at least windows 2000).
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24873925

Which mode did you have Loopback Processing set to? The modes can get a little confusing, but in most simple deployments, you will want 'Merge' mode.

-Matt
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question