Solved

Removing Loopback Processing

Posted on 2010-11-22
6
554 Views
Last Modified: 2012-05-10
I have gotten hung up in setting up Loopback processing mode on a new terminal server. Here are my environment details.

Windows 2003 Server (all SPs and updates) running Terminal Services
on a Windows SBS 2008 domain.

Created TS OU
Moved TS computer to this OU
Created Terminal Server Security Group (Global)
Created TS Users Security Group (Global)
Created GPO linked to TS OU with just Loopback Processing enabled
Created GPO linked to TS OU with restricted user settings

I successfully applied the Loopback policy and my restrictions worked perfectly, however I missed the step in denying "Apply Policy" to the admin group so admins were restricted also. Adding the deny permission did not resolve it, so I used the restricting GPO to reverse all settings, ran gpupdate /force, rebooted and had full access again for all users.

I then decied to start from scratch. Disabled Loopback in GPO, gpupdate /forced, rebooted. Removed all policies from the TS OU Moving the TS computer back to default computers OU. Gpupdate and reboot TS computer. At this point logging on to the TS reapplied the loopback settings. I am uncertain where from though as the policies are not linked to any OUs.

Running RSoP does not show any of the settings that are being applied even though the TS is applying them.

This is incredably frustrating as i don't know where the policies are comming from.

I
0
Comment
Question by:baserik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 22

Accepted Solution

by:
Matt V earned 200 total points
ID: 34191740
Removing a policy does not remove the options it pushed.  You will need to create an anti-policy that specifially disables/enables all the things you diabled/enabled in the TS policy that was applied to the Admin group.
0
 

Author Comment

by:baserik
ID: 34191766
I'm sorry I wasn't entirely clear, I had reversed the settings in the restricting GPO which cleared the settings for all users including admins. The anti-policy settings were left in place when disabled loopback processing and reboot. After reboot all the loopback settings reappear.
0
 

Author Comment

by:baserik
ID: 34191947
Ok thought I was getting somewhere but here is a more detailed update.

With all settings reversed set loopback to enabled. GPupdate /force then reboot.
full unrestricted log in all users.

Disbale Loopback Policy. GPupdate /force then reboot.
full unrestricted log in all users.

Set Loopback to "Not configured". GPupdate /force then reboot.
full unrestricted log in all users.

Move TS to default computer OU. GPupdate /force then reboot.
all restriced settings mysteriously reappear for all users.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Assisted Solution

by:baserik
baserik earned 0 total points
ID: 34193429
Ok I finally figured this one out.

I had a corrupt default profile on the Terminal Server. This was holding the restricted GPO settings and causing the logons to revert back to them when there wasn't another GPO to override them. Not sure how it happened but all is better now.

Thanks.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 34193437
Thanks for the update, good to know the fix.
0
 

Author Closing Comment

by:baserik
ID: 34221357
I eventually found the problem. mattv... even though he didn't solve my problem he got me thinking about the policy application process.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Weird Happening at my office with windows machines/network 16 83
Esxi host upgrade 16 99
How do I enable VPN on server 2008 R2 19 62
Cisco Nexus 9372 port channel 3 44
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question