Help Group Policy setup on TS 2008

Posted on 2009-12-30
Medium Priority
Last Modified: 2013-11-21

I have a customer with a Server 2008. I have configured it as ActiveDirectory and Terminal Server (on the same server, I know that it's not recommended, but the customer wants it anyway...)

I want to setup a group policy to limit features on the Terminal Server for users with TS access (members of Remote Desktop Group), but I don't want this Group Policy to apply to those users computers.

I have created a Group Policy named Terminal Server and then linked it to "Domain Computers" in the Grop Policy Management, After that I added "Remote Desktop Users" group under Secirity Filtering and removed "Authenticated Users".
This is not working, so what more do I have to do?
I heard something about Loop Back, but I don't know what that is... :)

Thanks in advance,
Question by:henriklundin
  • 2

Author Comment

ID: 26145432

What I understand it should be ok if I just enable "User Group Policy loopback processing mode" with replace option, but it's not working for me... I think my other settings are ok?  If I add "autenticated users" again the policy is applied on the TS users, but then the Administrator is also affecte.

I have run the gpupdate after making changes...

Thanks again!
LVL 59

Expert Comment

by:Darius Ghassem
ID: 26145917
Have you tried placing the TS servers in their own OU?
LVL 31

Accepted Solution

Cláudio Rodrigues earned 2000 total points
ID: 26146178
I think he cannot do that as the TS is also the DC. :-)
Take a look at this guide, "Terminal Services A to Z" that I wrote. Free download at http://www.wtslabs.com. It goes step-by-step in the group policy part. Ignore the OU requirement shown on the guide as in your case the TS is the DC. Everything else should apply and work.

Cláudio Rodrigues
Citrix CTP

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question