Solved

Group Policy on One Terminal Server

Posted on 2012-03-20
4
266 Views
Last Modified: 2012-04-04
Hi,

I'm looking after a domain - they have one Domain Controller, 40 physical client PCs and a Terminal Server.

From the Domain Controller, I would like to manage the Group Policy for the entire domain. I have my policies setup to affect Domain Users on the client PCs, but I would like a DIFFERENT set of policies to affect those on the Terminal Server.

This set of policies should only affect Domain Users logged into the Terminal Server, and shouldn't affect Domain Administrators, or Domain Users elsewhere on the domain?

Is this even possible?

Domain Controller - Windows Server 2008 R2
Terminal Server - Windows Server 2003 R2

Thanks!
0
Comment
Question by:tetrauk
  • 2
4 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37742802
Put the Terminal Server into its own OU.  Apply your GPO to that OU.  On the GPO, Deny the policy to the domain admins.
0
 
LVL 1

Author Comment

by:tetrauk
ID: 37742816
Hi Carl,

Thanks for your suggestion.

This is the idea we came up with, but wouldn't that affect the Domain Users across the entire domain?
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37742831
It would only affect the users who logon to the terminal server as the GPO is applied to that one OU.  If you have specific users who use the TS, then create a TSUser group and apply the policy to that group only (removing Authenticated Users).

Remember to set the Loopback Processing mode in the GPO.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37742845
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now