• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

Group Policy on One Terminal Server

Hi,

I'm looking after a domain - they have one Domain Controller, 40 physical client PCs and a Terminal Server.

From the Domain Controller, I would like to manage the Group Policy for the entire domain. I have my policies setup to affect Domain Users on the client PCs, but I would like a DIFFERENT set of policies to affect those on the Terminal Server.

This set of policies should only affect Domain Users logged into the Terminal Server, and shouldn't affect Domain Administrators, or Domain Users elsewhere on the domain?

Is this even possible?

Domain Controller - Windows Server 2008 R2
Terminal Server - Windows Server 2003 R2

Thanks!
0
tetrauk
Asked:
tetrauk
  • 2
1 Solution
 
Carl WebsterCommented:
Put the Terminal Server into its own OU.  Apply your GPO to that OU.  On the GPO, Deny the policy to the domain admins.
0
 
tetraukAuthor Commented:
Hi Carl,

Thanks for your suggestion.

This is the idea we came up with, but wouldn't that affect the Domain Users across the entire domain?
0
 
Carl WebsterCommented:
It would only affect the users who logon to the terminal server as the GPO is applied to that one OU.  If you have specific users who use the TS, then create a TSUser group and apply the policy to that group only (removing Authenticated Users).

Remember to set the Loopback Processing mode in the GPO.
0
 
Darius GhassemCommented:
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now