Remote Desktop Services in SBS2011 Environment: GPO Issues
Posted on 2011-03-18
Sorry for the long post but I am trying to give as much infornmation as possible without writing a novel!
I have an SBS2011 Std server and a Win2008R2 server. R2 is joined to the domain and is the SBSServers OU. SBS is (obviously) in the Domain Controllers OU. R2 is set for Remote Desktop Services with RD Session Host and Licensing roles installed and activated. There are 29 User CAL's installed. This is my first RDS deployment. All previous TS deployments are still in 2003 environments.
This is a environment that will have Staff, Students and Support Staff. The students will be using XP as Dumb Terminals and will use RDS for all activities. The staff will have fat terminals (XP/Vista and 7) and will also be able to use RDS from home. The same goes for Support Staff although they will be more restricted in what they are able to do remotely. I have set up three Security Groups as follows: Students = Students, Staff = StaffRDS, Support Staff = RDS Users. I have created three GP's in the SBSServers OU. Common to all GP's is Group Policy processing mode is set to Replace. All three groups are in the Remote Destop Users security group under ADUC\Builtin. At the moment the RDS Users can log in but the Students and StaffRDS receive "The requested session access is denied".
1. I know this sounds like a dumb question but can you apply three different GP's to one OU (I have always been taught YES).
2. If you can, then is there something that I am missing to enable the Students and Staff groups to be able to process their GP's?
3. Is there anything else I need to be aware of/set up?