We have an environment that uses a combination of fat and thin clients. All users have a roaming profile that they use to log into our RDS servers. Some users also have a fat client, also attached to the domain and on that they log in using the same roaming profile as on the RDS servers.
We have a Group Policy set up that starts Outlook when the users log in to the RDS server. Lately we've found that on new laptops, when we set them up its also starting to apply the same Group Policy to the laptops as well as the RDS server. I have a new laptop here today. I added it to the domain and moved it to the Laptops group in AD, gave domain users Local Admin rights and then logged in as the intended end user for that laptop. And Outlook loaded. This isn't meant to happen. Our users don't use Outlook locally, its only from within the RDS server that they use Outlook.
So somehow something has changed in my Group Policy that now makes this object apply to laptops where it never had before. And it still doesn't on other laptops and with other users.
So our policies on the DC are set out so that they grouped in 'like' groups. The policy with Outlook in it is called 'xUsers RDS Logon' and the Setting in question is:
User Configuration>Policies>>Administrative Template>System/Logon>Run these programs at user logon>C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe
Scope: xUsers (AD container that all users are in) Enforced:No Link Enabled:Yes
xTerminalServers (AD container that all RDS Servers are in) Enforced:No Link Enabled:Yes
Security Filtering: xStaff (Security group for all staff)
Laptops are NOT in xTerminalServers, they're in another container called xLaptops. Its not nested inside xTerminalServers. Its on the same level.
I have done GP Modelling for many of the fat client users on their laptops and compared to the new ones and they all seem to have the same settings. In fact they all show that this GPO applies to them. But for some reason the new laptops it is actually applying the GPO whereas its not on the others.
All fat clients are Win7 Pro.
What I'm looking for is a way to stop Outlook loading on startup when you log into a laptop (that doesn't involve uninstalling it!). Outlook must still load when they log into the RDS Server. And ideally I'd like to fix the GPO so that it filters out anything thats NOT a member of the xTerminalServer group.