[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

Group Policy OU

So I created a an OU for my Terminal Server then I created a lockdown GP applied it to my OU. I then Put my TS in the OU all by itself.

It has been working fine until I as admin got tired of being locked down too.

So I did this. I removed Authenticated Users and added my general users group. (MNoffUsers) Applied security of Read and Apply Group Policy to them.

Now the Terminal Server is not locking down at all for anyone. The kicker is that I put authenticated users back and removed the users group but that didn't work. It doesn't seem to be applying the group policy at all.

Any suggestions?
0
cchayden
Asked:
cchayden
  • 3
  • 2
1 Solution
 
Mike KlineCommented:
Are you applying user settings in that GPO,   If you did they would not apply to the users (if they are in a different OU).
The caveat to that is if you are using loopback.
However when you added authenticated users back things should have gone back to how they were.  Any errors in the logs?
 
Thanks
Mike
0
 
cchaydenAuthor Commented:
Yes the GPO is a mixture of both computer and user policies.

Logs on the TS or the DC, or both?
0
 
Mike KlineCommented:
Start with the TS box;  check out this question I helped with dealing with loopback and security filtering
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26409306.html
Thanks
Mike
0
 
cchaydenAuthor Commented:
Ok.

So I now have 2 GPOs linked to my TerminalServerOU. One is a Replace Loopback that security filters Read, and Apply GP to the Terminal Server itself. The other is my original lockdown GPO that security filters Read and Apply GP to the MNOffUsers security group.

The Terminal Server is still inside the TerminalServerOU. Any overide settings for the GPOs?

Now for the final stupid question. Do I need to restart the Terminal Server after changes to the GPOs?
0
 
cchaydenAuthor Commented:
So rather than kick everyone off the TS I guess I can use the command :

gpupdate/force

and adding the loopback GPO seems to have fixed my original problem.

Thanks Much!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now