Solved

Group Policy on One Terminal Server

Posted on 2012-03-20
4
270 Views
Last Modified: 2012-04-04
Hi,

I'm looking after a domain - they have one Domain Controller, 40 physical client PCs and a Terminal Server.

From the Domain Controller, I would like to manage the Group Policy for the entire domain. I have my policies setup to affect Domain Users on the client PCs, but I would like a DIFFERENT set of policies to affect those on the Terminal Server.

This set of policies should only affect Domain Users logged into the Terminal Server, and shouldn't affect Domain Administrators, or Domain Users elsewhere on the domain?

Is this even possible?

Domain Controller - Windows Server 2008 R2
Terminal Server - Windows Server 2003 R2

Thanks!
0
Comment
Question by:tetrauk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37742802
Put the Terminal Server into its own OU.  Apply your GPO to that OU.  On the GPO, Deny the policy to the domain admins.
0
 
LVL 1

Author Comment

by:tetrauk
ID: 37742816
Hi Carl,

Thanks for your suggestion.

This is the idea we came up with, but wouldn't that affect the Domain Users across the entire domain?
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37742831
It would only affect the users who logon to the terminal server as the GPO is applied to that one OU.  If you have specific users who use the TS, then create a TSUser group and apply the policy to that group only (removing Authenticated Users).

Remember to set the Loopback Processing mode in the GPO.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 37742845
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question