Solved

Group Policy on One Terminal Server

Posted on 2012-03-20
4
267 Views
Last Modified: 2012-04-04
Hi,

I'm looking after a domain - they have one Domain Controller, 40 physical client PCs and a Terminal Server.

From the Domain Controller, I would like to manage the Group Policy for the entire domain. I have my policies setup to affect Domain Users on the client PCs, but I would like a DIFFERENT set of policies to affect those on the Terminal Server.

This set of policies should only affect Domain Users logged into the Terminal Server, and shouldn't affect Domain Administrators, or Domain Users elsewhere on the domain?

Is this even possible?

Domain Controller - Windows Server 2008 R2
Terminal Server - Windows Server 2003 R2

Thanks!
0
Comment
Question by:tetrauk
  • 2
4 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37742802
Put the Terminal Server into its own OU.  Apply your GPO to that OU.  On the GPO, Deny the policy to the domain admins.
0
 
LVL 1

Author Comment

by:tetrauk
ID: 37742816
Hi Carl,

Thanks for your suggestion.

This is the idea we came up with, but wouldn't that affect the Domain Users across the entire domain?
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37742831
It would only affect the users who logon to the terminal server as the GPO is applied to that one OU.  If you have specific users who use the TS, then create a TSUser group and apply the policy to that group only (removing Authenticated Users).

Remember to set the Loopback Processing mode in the GPO.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37742845
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question