GPO settings from SBS2008 not all applied to 2008 R2 RDP server
Hi,
I have an SBS2008 (Windows 2008 R1) wich is AD
I have a seperate RDP server running 2008 R2.
I have joined the rdp server in the domain, made a seperate OU and applied some GPO's to it.
First GPO does loopback processing
Second GPO makes sure they have a seperate TS profile (Computer Configuration\Administrati
Third locks the desktop down.
I think first and third are being applied, but when I logon with a user from AD which has a normal roaming profile set then that profile is applied in stead of making a sperate TS profile.
Could it be that the GPO's for 2008 r2 have changed?
I have an SBS2008 (Windows 2008 R1) wich is AD
I have a seperate RDP server running 2008 R2.
I have joined the rdp server in the domain, made a seperate OU and applied some GPO's to it.
First GPO does loopback processing
Second GPO makes sure they have a seperate TS profile (Computer Configuration\Administrati
Third locks the desktop down.
I think first and third are being applied, but when I logon with a user from AD which has a normal roaming profile set then that profile is applied in stead of making a sperate TS profile.
Could it be that the GPO's for 2008 r2 have changed?
ASKER
ok i see that my first is not applied the one that has the loopback processing. I put the filter on verified users, guess that's wrong?
OK, you have used GPO filtering for Authenticated Users, right? But which mode for loopback processing did you use Replace or Merge?
Authenticated Users are set up by default in GPO, so it's OK. If you chage that or modified to Disallow, that causes problem.
Krzysztof
Authenticated Users are set up by default in GPO, so it's OK. If you chage that or modified to Disallow, that causes problem.
Krzysztof
ASKER
it's said to replace, so no idea why it's not applying
Maybe some settigs are identical and were replaced. What if you change mode from Replace to Merge?
Krzysztof
Krzysztof
ASKER
that won't do anything as i see in gpresult command that the gpo is not applied that all. It's not in the list.
OK, so please check GPO filtering and please tell me what it's there. And ensure that GPO is linked also to OU where are users located.
Krzysztof
Krzysztof
ASKER
as far as i understand the loopback processing should be enabled on the ou where the ts server is in.
as stated in one of my previous messages:
as stated in one of my previous messages:
ok i see that my first is not applied the one that has the loopback processing. I put the filter on verified users, guess that's wrong?
Yes, but you want to apply computer settings to user. Please check that MS article
http://support.microsoft.com/kb/231287
I don't know what you mean by saying "verified users"? Maybe you want to say Authenticated Users? If os, don't worry, to this group belongs authenticated users and computers accounts.
Krzysztof
http://support.microsoft.com/kb/231287
I don't know what you mean by saying "verified users"? Maybe you want to say Authenticated Users? If os, don't worry, to this group belongs authenticated users and computers accounts.
Krzysztof
ASKER
i have to go now i'll have a look into that and get back to you, thx for the feedback allrdy
You're welcome :)
I'm waiting for other news
Krzysztof
I'm waiting for other news
Krzysztof
ASKER
quick question: could it be when i only set the ts profile and not the local (roaming) profile, that has been set under the user properties in AD, that this behaviour occurs ?
Might be
Krzysztof
Krzysztof
Go to the OU where you are applying the GPO & see on the right side the list of GPO's.
Now, using the arrow keys move the Loopback GPO to Position 1.
After this, enable this GPO on the same OU:
Computer Configuration | Policies | Administrative Templates | System | Logon Always wait for the network at computer startup and logon policy
Once you have this placed make it no. 1 as described earlier & put the loopback GPO as no. 2.
Now, to be on the safer side RESTART the computer & then see the effect.
Please post the result afterwards.
A
Now, using the arrow keys move the Loopback GPO to Position 1.
After this, enable this GPO on the same OU:
Computer Configuration | Policies | Administrative Templates | System | Logon Always wait for the network at computer startup and logon policy
Once you have this placed make it no. 1 as described earlier & put the loopback GPO as no. 2.
Now, to be on the safer side RESTART the computer & then see the effect.
Please post the result afterwards.
A
Please see below the MS ways of setting up the Roaming Profile, I see that you have the policy setup in Computer Configuration, however the page suggests Local Policy:
"Local Computer Policy/Computer Configuration/Administrati
See point 2
http://technet.microsoft.com/en-us/library/cc783578(WS.10).aspx
A
"Local Computer Policy/Computer Configuration/Administrati
See point 2
http://technet.microsoft.com/en-us/library/cc783578(WS.10).aspx
A
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
this was the fix.
Regards,
Krzysztof