Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

Group Policy OU

So I created a an OU for my Terminal Server then I created a lockdown GP applied it to my OU. I then Put my TS in the OU all by itself.

It has been working fine until I as admin got tired of being locked down too.

So I did this. I removed Authenticated Users and added my general users group. (MNoffUsers) Applied security of Read and Apply Group Policy to them.

Now the Terminal Server is not locking down at all for anyone. The kicker is that I put authenticated users back and removed the users group but that didn't work. It doesn't seem to be applying the group policy at all.

Any suggestions?
0
cchayden
Asked:
cchayden
  • 3
  • 2
1 Solution
 
Mike KlineCommented:
Are you applying user settings in that GPO,   If you did they would not apply to the users (if they are in a different OU).
The caveat to that is if you are using loopback.
However when you added authenticated users back things should have gone back to how they were.  Any errors in the logs?
 
Thanks
Mike
0
 
cchaydenAuthor Commented:
Yes the GPO is a mixture of both computer and user policies.

Logs on the TS or the DC, or both?
0
 
Mike KlineCommented:
Start with the TS box;  check out this question I helped with dealing with loopback and security filtering
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26409306.html
Thanks
Mike
0
 
cchaydenAuthor Commented:
Ok.

So I now have 2 GPOs linked to my TerminalServerOU. One is a Replace Loopback that security filters Read, and Apply GP to the Terminal Server itself. The other is my original lockdown GPO that security filters Read and Apply GP to the MNOffUsers security group.

The Terminal Server is still inside the TerminalServerOU. Any overide settings for the GPOs?

Now for the final stupid question. Do I need to restart the Terminal Server after changes to the GPOs?
0
 
cchaydenAuthor Commented:
So rather than kick everyone off the TS I guess I can use the command :

gpupdate/force

and adding the loopback GPO seems to have fixed my original problem.

Thanks Much!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now