Solved

Removing Loopback Processing

Posted on 2010-11-22
6
548 Views
Last Modified: 2012-05-10
I have gotten hung up in setting up Loopback processing mode on a new terminal server. Here are my environment details.

Windows 2003 Server (all SPs and updates) running Terminal Services
on a Windows SBS 2008 domain.

Created TS OU
Moved TS computer to this OU
Created Terminal Server Security Group (Global)
Created TS Users Security Group (Global)
Created GPO linked to TS OU with just Loopback Processing enabled
Created GPO linked to TS OU with restricted user settings

I successfully applied the Loopback policy and my restrictions worked perfectly, however I missed the step in denying "Apply Policy" to the admin group so admins were restricted also. Adding the deny permission did not resolve it, so I used the restricting GPO to reverse all settings, ran gpupdate /force, rebooted and had full access again for all users.

I then decied to start from scratch. Disabled Loopback in GPO, gpupdate /forced, rebooted. Removed all policies from the TS OU Moving the TS computer back to default computers OU. Gpupdate and reboot TS computer. At this point logging on to the TS reapplied the loopback settings. I am uncertain where from though as the policies are not linked to any OUs.

Running RSoP does not show any of the settings that are being applied even though the TS is applying them.

This is incredably frustrating as i don't know where the policies are comming from.

I
0
Comment
Question by:baserik
  • 4
  • 2
6 Comments
 
LVL 22

Accepted Solution

by:
Matt V earned 200 total points
Comment Utility
Removing a policy does not remove the options it pushed.  You will need to create an anti-policy that specifially disables/enables all the things you diabled/enabled in the TS policy that was applied to the Admin group.
0
 

Author Comment

by:baserik
Comment Utility
I'm sorry I wasn't entirely clear, I had reversed the settings in the restricting GPO which cleared the settings for all users including admins. The anti-policy settings were left in place when disabled loopback processing and reboot. After reboot all the loopback settings reappear.
0
 

Author Comment

by:baserik
Comment Utility
Ok thought I was getting somewhere but here is a more detailed update.

With all settings reversed set loopback to enabled. GPupdate /force then reboot.
full unrestricted log in all users.

Disbale Loopback Policy. GPupdate /force then reboot.
full unrestricted log in all users.

Set Loopback to "Not configured". GPupdate /force then reboot.
full unrestricted log in all users.

Move TS to default computer OU. GPupdate /force then reboot.
all restriced settings mysteriously reappear for all users.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Assisted Solution

by:baserik
baserik earned 0 total points
Comment Utility
Ok I finally figured this one out.

I had a corrupt default profile on the Terminal Server. This was holding the restricted GPO settings and causing the logons to revert back to them when there wasn't another GPO to override them. Not sure how it happened but all is better now.

Thanks.
0
 
LVL 22

Expert Comment

by:Matt V
Comment Utility
Thanks for the update, good to know the fix.
0
 

Author Closing Comment

by:baserik
Comment Utility
I eventually found the problem. mattv... even though he didn't solve my problem he got me thinking about the policy application process.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now