How to stop Group Policy applying on a laptop and starting Outlook automatically
We have an environment that uses a combination of fat and thin clients. All users have a roaming profile that they use to log into our RDS servers. Some users also have a fat client, also attached to the domain and on that they log in using the same roaming profile as on the RDS servers.
We have a Group Policy set up that starts Outlook when the users log in to the RDS server. Lately we've found that on new laptops, when we set them up its also starting to apply the same Group Policy to the laptops as well as the RDS server. I have a new laptop here today. I added it to the domain and moved it to the Laptops group in AD, gave domain users Local Admin rights and then logged in as the intended end user for that laptop. And Outlook loaded. This isn't meant to happen. Our users don't use Outlook locally, its only from within the RDS server that they use Outlook.
So somehow something has changed in my Group Policy that now makes this object apply to laptops where it never had before. And it still doesn't on other laptops and with other users.
So our policies on the DC are set out so that they grouped in 'like' groups. The policy with Outlook in it is called 'xUsers RDS Logon' and the Setting in question is:
Laptops are NOT in xTerminalServers, they're in another container called xLaptops. Its not nested inside xTerminalServers. Its on the same level.
I have done GP Modelling for many of the fat client users on their laptops and compared to the new ones and they all seem to have the same settings. In fact they all show that this GPO applies to them. But for some reason the new laptops it is actually applying the GPO whereas its not on the others.
All fat clients are Win7 Pro.
What I'm looking for is a way to stop Outlook loading on startup when you log into a laptop (that doesn't involve uninstalling it!). Outlook must still load when they log into the RDS Server. And ideally I'd like to fix the GPO so that it filters out anything thats NOT a member of the xTerminalServer group.
Thanks,
We have a Group Policy set up that starts Outlook when the users log in to the RDS server. Lately we've found that on new laptops, when we set them up its also starting to apply the same Group Policy to the laptops as well as the RDS server. I have a new laptop here today. I added it to the domain and moved it to the Laptops group in AD, gave domain users Local Admin rights and then logged in as the intended end user for that laptop. And Outlook loaded. This isn't meant to happen. Our users don't use Outlook locally, its only from within the RDS server that they use Outlook.
So somehow something has changed in my Group Policy that now makes this object apply to laptops where it never had before. And it still doesn't on other laptops and with other users.
So our policies on the DC are set out so that they grouped in 'like' groups. The policy with Outlook in it is called 'xUsers RDS Logon' and the Setting in question is:
User Configuration>Policies>>Ad
Scope: xUsers (AD container that all users are in) Enforced:No Link Enabled:Yes
xTerminalServers (AD container that all RDS Servers are in) Enforced:No Link Enabled:Yes
Security Filtering: xStaff (Security group for all staff)
Scope: xUsers (AD container that all users are in) Enforced:No Link Enabled:Yes
xTerminalServers (AD container that all RDS Servers are in) Enforced:No Link Enabled:Yes
Security Filtering: xStaff (Security group for all staff)
Laptops are NOT in xTerminalServers, they're in another container called xLaptops. Its not nested inside xTerminalServers. Its on the same level.
I have done GP Modelling for many of the fat client users on their laptops and compared to the new ones and they all seem to have the same settings. In fact they all show that this GPO applies to them. But for some reason the new laptops it is actually applying the GPO whereas its not on the others.
All fat clients are Win7 Pro.
What I'm looking for is a way to stop Outlook loading on startup when you log into a laptop (that doesn't involve uninstalling it!). Outlook must still load when they log into the RDS Server. And ideally I'd like to fix the GPO so that it filters out anything thats NOT a member of the xTerminalServer group.
Thanks,
Just another thouhgt here as well
When Office was installed on the PCs, was an Admin Setup or OCT used?
Could be possible in the initial install of Office Outlook Setup/Configuration/Behavi
When Office was installed on the PCs, was an Admin Setup or OCT used?
Could be possible in the initial install of Office Outlook Setup/Configuration/Behavi
ASKER
I think it is applied to the user not the client - it is a user configuration setting. But how do I get it to only apply when logging into the xTerminal Servers?
move RDS user to one OU and the apply policy on that.
instead of applying all user.
instead of applying all user.
ASKER
Hi piyushranusri,
All users are RDS users. Some of those users are also fat client users. We want All users to have Outlook load when they're logging into the RDS server, but we want it NOT to load when those users are logging into a fat client.
All users are RDS users. Some of those users are also fat client users. We want All users to have Outlook load when they're logging into the RDS server, but we want it NOT to load when those users are logging into a fat client.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We created a new GPO and applied the Loopback policy to it. All is good now.
Other suggestions wouldn't have solved my issue and noone answered my last question about Loopbacks being a viable solution. We went ahead with it and it was.
Other suggestions wouldn't have solved my issue and noone answered my last question about Loopbacks being a viable solution. We went ahead with it and it was.
If it does, is it possible the policy is being appleid to the logged on User OU, not the Client OU?