• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 570
  • Last Modified:

Removing Loopback Processing

I have gotten hung up in setting up Loopback processing mode on a new terminal server. Here are my environment details.

Windows 2003 Server (all SPs and updates) running Terminal Services
on a Windows SBS 2008 domain.

Created TS OU
Moved TS computer to this OU
Created Terminal Server Security Group (Global)
Created TS Users Security Group (Global)
Created GPO linked to TS OU with just Loopback Processing enabled
Created GPO linked to TS OU with restricted user settings

I successfully applied the Loopback policy and my restrictions worked perfectly, however I missed the step in denying "Apply Policy" to the admin group so admins were restricted also. Adding the deny permission did not resolve it, so I used the restricting GPO to reverse all settings, ran gpupdate /force, rebooted and had full access again for all users.

I then decied to start from scratch. Disabled Loopback in GPO, gpupdate /forced, rebooted. Removed all policies from the TS OU Moving the TS computer back to default computers OU. Gpupdate and reboot TS computer. At this point logging on to the TS reapplied the loopback settings. I am uncertain where from though as the policies are not linked to any OUs.

Running RSoP does not show any of the settings that are being applied even though the TS is applying them.

This is incredably frustrating as i don't know where the policies are comming from.

I
0
baserik
Asked:
baserik
  • 4
  • 2
2 Solutions
 
Matt VCommented:
Removing a policy does not remove the options it pushed.  You will need to create an anti-policy that specifially disables/enables all the things you diabled/enabled in the TS policy that was applied to the Admin group.
0
 
baserikAuthor Commented:
I'm sorry I wasn't entirely clear, I had reversed the settings in the restricting GPO which cleared the settings for all users including admins. The anti-policy settings were left in place when disabled loopback processing and reboot. After reboot all the loopback settings reappear.
0
 
baserikAuthor Commented:
Ok thought I was getting somewhere but here is a more detailed update.

With all settings reversed set loopback to enabled. GPupdate /force then reboot.
full unrestricted log in all users.

Disbale Loopback Policy. GPupdate /force then reboot.
full unrestricted log in all users.

Set Loopback to "Not configured". GPupdate /force then reboot.
full unrestricted log in all users.

Move TS to default computer OU. GPupdate /force then reboot.
all restriced settings mysteriously reappear for all users.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
baserikAuthor Commented:
Ok I finally figured this one out.

I had a corrupt default profile on the Terminal Server. This was holding the restricted GPO settings and causing the logons to revert back to them when there wasn't another GPO to override them. Not sure how it happened but all is better now.

Thanks.
0
 
Matt VCommented:
Thanks for the update, good to know the fix.
0
 
baserikAuthor Commented:
I eventually found the problem. mattv... even though he didn't solve my problem he got me thinking about the policy application process.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now