cchayden
asked on
Group Policy OU
So I created a an OU for my Terminal Server then I created a lockdown GP applied it to my OU. I then Put my TS in the OU all by itself.
It has been working fine until I as admin got tired of being locked down too.
So I did this. I removed Authenticated Users and added my general users group. (MNoffUsers) Applied security of Read and Apply Group Policy to them.
Now the Terminal Server is not locking down at all for anyone. The kicker is that I put authenticated users back and removed the users group but that didn't work. It doesn't seem to be applying the group policy at all.
Any suggestions?
It has been working fine until I as admin got tired of being locked down too.
So I did this. I removed Authenticated Users and added my general users group. (MNoffUsers) Applied security of Read and Apply Group Policy to them.
Now the Terminal Server is not locking down at all for anyone. The kicker is that I put authenticated users back and removed the users group but that didn't work. It doesn't seem to be applying the group policy at all.
Any suggestions?
ASKER
Yes the GPO is a mixture of both computer and user policies.
Logs on the TS or the DC, or both?
Logs on the TS or the DC, or both?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok.
So I now have 2 GPOs linked to my TerminalServerOU. One is a Replace Loopback that security filters Read, and Apply GP to the Terminal Server itself. The other is my original lockdown GPO that security filters Read and Apply GP to the MNOffUsers security group.
The Terminal Server is still inside the TerminalServerOU. Any overide settings for the GPOs?
Now for the final stupid question. Do I need to restart the Terminal Server after changes to the GPOs?
So I now have 2 GPOs linked to my TerminalServerOU. One is a Replace Loopback that security filters Read, and Apply GP to the Terminal Server itself. The other is my original lockdown GPO that security filters Read and Apply GP to the MNOffUsers security group.
The Terminal Server is still inside the TerminalServerOU. Any overide settings for the GPOs?
Now for the final stupid question. Do I need to restart the Terminal Server after changes to the GPOs?
ASKER
So rather than kick everyone off the TS I guess I can use the command :
gpupdate/force
and adding the loopback GPO seems to have fixed my original problem.
Thanks Much!
gpupdate/force
and adding the loopback GPO seems to have fixed my original problem.
Thanks Much!
The caveat to that is if you are using loopback.
However when you added authenticated users back things should have gone back to how they were. Any errors in the logs?
Thanks
Mike