Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Removing Loopback Processing

Posted on 2010-11-22
6
Medium Priority
?
567 Views
Last Modified: 2012-05-10
I have gotten hung up in setting up Loopback processing mode on a new terminal server. Here are my environment details.

Windows 2003 Server (all SPs and updates) running Terminal Services
on a Windows SBS 2008 domain.

Created TS OU
Moved TS computer to this OU
Created Terminal Server Security Group (Global)
Created TS Users Security Group (Global)
Created GPO linked to TS OU with just Loopback Processing enabled
Created GPO linked to TS OU with restricted user settings

I successfully applied the Loopback policy and my restrictions worked perfectly, however I missed the step in denying "Apply Policy" to the admin group so admins were restricted also. Adding the deny permission did not resolve it, so I used the restricting GPO to reverse all settings, ran gpupdate /force, rebooted and had full access again for all users.

I then decied to start from scratch. Disabled Loopback in GPO, gpupdate /forced, rebooted. Removed all policies from the TS OU Moving the TS computer back to default computers OU. Gpupdate and reboot TS computer. At this point logging on to the TS reapplied the loopback settings. I am uncertain where from though as the policies are not linked to any OUs.

Running RSoP does not show any of the settings that are being applied even though the TS is applying them.

This is incredably frustrating as i don't know where the policies are comming from.

I
0
Comment
Question by:baserik
  • 4
  • 2
6 Comments
 
LVL 22

Accepted Solution

by:
Matt V earned 800 total points
ID: 34191740
Removing a policy does not remove the options it pushed.  You will need to create an anti-policy that specifially disables/enables all the things you diabled/enabled in the TS policy that was applied to the Admin group.
0
 

Author Comment

by:baserik
ID: 34191766
I'm sorry I wasn't entirely clear, I had reversed the settings in the restricting GPO which cleared the settings for all users including admins. The anti-policy settings were left in place when disabled loopback processing and reboot. After reboot all the loopback settings reappear.
0
 

Author Comment

by:baserik
ID: 34191947
Ok thought I was getting somewhere but here is a more detailed update.

With all settings reversed set loopback to enabled. GPupdate /force then reboot.
full unrestricted log in all users.

Disbale Loopback Policy. GPupdate /force then reboot.
full unrestricted log in all users.

Set Loopback to "Not configured". GPupdate /force then reboot.
full unrestricted log in all users.

Move TS to default computer OU. GPupdate /force then reboot.
all restriced settings mysteriously reappear for all users.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 

Assisted Solution

by:baserik
baserik earned 0 total points
ID: 34193429
Ok I finally figured this one out.

I had a corrupt default profile on the Terminal Server. This was holding the restricted GPO settings and causing the logons to revert back to them when there wasn't another GPO to override them. Not sure how it happened but all is better now.

Thanks.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 34193437
Thanks for the update, good to know the fix.
0
 

Author Closing Comment

by:baserik
ID: 34221357
I eventually found the problem. mattv... even though he didn't solve my problem he got me thinking about the policy application process.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question