?
Solved

Group Policy on One Terminal Server

Posted on 2012-03-20
4
Medium Priority
?
273 Views
Last Modified: 2012-04-04
Hi,

I'm looking after a domain - they have one Domain Controller, 40 physical client PCs and a Terminal Server.

From the Domain Controller, I would like to manage the Group Policy for the entire domain. I have my policies setup to affect Domain Users on the client PCs, but I would like a DIFFERENT set of policies to affect those on the Terminal Server.

This set of policies should only affect Domain Users logged into the Terminal Server, and shouldn't affect Domain Administrators, or Domain Users elsewhere on the domain?

Is this even possible?

Domain Controller - Windows Server 2008 R2
Terminal Server - Windows Server 2003 R2

Thanks!
0
Comment
Question by:tetrauk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Carl Webster
ID: 37742802
Put the Terminal Server into its own OU.  Apply your GPO to that OU.  On the GPO, Deny the policy to the domain admins.
0
 
LVL 1

Author Comment

by:tetrauk
ID: 37742816
Hi Carl,

Thanks for your suggestion.

This is the idea we came up with, but wouldn't that affect the Domain Users across the entire domain?
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 37742831
It would only affect the users who logon to the terminal server as the GPO is applied to that one OU.  If you have specific users who use the TS, then create a TSUser group and apply the policy to that group only (removing Authenticated Users).

Remember to set the Loopback Processing mode in the GPO.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 1000 total points
ID: 37742845
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question