Loopback policy question

pj

Apr 12, 2004
Archived from groups: microsoft.public.win2000.group_policy

I'm setting up a new w2k terminal server in application
mode. I put the computer account in a new OU and created
a new GPO for that OU. What I want to do is have the new
GPO apply to users when they sign onto the terminal server
but not when they sign onto their computers.
I've enabled the loopback policy for the GPO and created a
new Universal Security Group in the new OU and assigned
that group to the GPO.

The problem is the GPO is not taking effect for the users
(who are in a different OU) but when I create a new test
user in the new OU it does take effect.

Am I doing something wrong? Do I have to move the user
accounts to this new OU in order to get the GPO to work
when they sign onto the terminal server?

THANKS A TON IN ADVANCE!
 

Guest

Sounds like you are headed in the right direction. The users do NOT need to be in the
OU where the computer is when loopback processing is being applied to a computer in
that OU. Possibly you are having a problem with group nesting or the computer itself
does not have read/apply permissions to that GPO. Running gpresult on that TS as a
user logged onto it will tell you what is going on as to what policies are being
applied to user and computer and last time policy was refreshed. Gpresult will also
show what container user/computer is in and what groups they belong to. You may want
to try giving read/apply permissions to the OU for a domain global group instead of
UG and you may need to give the computer or domain computers group apply/read
permissions. Computers usually get read/apply permissions by being a member of
authenticated users or administrators and if you remove those groups, you remove
computer permissions. I have pasted a sample of gpresult from my computer. Note
below the result shown when a computer does not have read/apply permissions to a GPO
[lap2 in my case] and note the group membership for the computer. --- Steve


RSOP results for STEVE-XP\Steve on STEVE-XP : Logging Mode
-----------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: UMBACH1
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: D:\Documents and Settings\Steve
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 4/12/2004 at 2:16:41 PM
Group Policy was applied from: server1-2000.umbach1.com
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Domain Main 1
Local Group Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Lap2
Filtering: Not Applied (Unknown Reason) <<<<<<<<<<<<<<<<<<<<<<<<<<<< Look Here ***

The computer is a part of the following security groups: <<<<<<<<<<<<<<<<<<<<<<<< Look Here ***
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
STEVE-XP$
Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users


"PJ" <pj@sarpy.com> wrote in message news:1b67301c420a9$6d3b6f30$a401280a@phx.gbl...
> I'm setting up a new w2k terminal server in application
> mode. I put the computer account in a new OU and created
> a new GPO for that OU. What I want to do is have the new
> GPO apply to users when they sign onto the terminal server
> but not when they sign onto their computers.
> I've enabled the loopback policy for the GPO and created a
> new Universal Security Group in the new OU and assigned
> that group to the GPO.
>
> The problem is the GPO is not taking effect for the users
> (who are in a different OU) but when I create a new test
> user in the new OU it does take effect.
>
> Am I doing something wrong? Do I have to move the user
> accounts to this new OU in order to get the GPO to work
> when they sign onto the terminal server?
>
> THANKS A TON IN ADVANCE!
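
An added example (not part of the original thread and not either poster's code): a small Python parser for a saved gpresult report laid out as in the reply above. It lists each GPO filtered out for an unknown reason beside the computer's security groups whose read/apply permission on that GPO should be checked. The sample text is a constructed, trimmed copy of the quoted report, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed copy of the gpresult report quoted in the reply.
SAMPLE = r"""
Applied Group Policy Objects
-----------------------------
Default Domain Policy
Domain Main 1

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Lap2
Filtering: Not Applied (Unknown Reason)

The computer is a part of the following security groups:
--------------------------------------------------------
STEVE-XP$
Domain Computers
NT AUTHORITY\Authenticated Users
"""

# Substrings that identify the three report sections of interest.
HEADINGS = {"applied": "Applied Group Policy Objects",
            "filtered": "GPOs were not applied",
            "groups": "part of the following security groups"}

def parse_gpresult(text):
    """Split a report into applied GPOs, filtered GPOs (with reason), groups."""
    report = {"applied": [], "filtered": {}, "groups": []}
    section = gpo = None
    for line in map(str.strip, text.splitlines()):
        if not line:                       # blank line closes the current list
            section = None
        elif set(line) == {"-"}:           # underline beneath a heading
            continue
        elif (key := next((k for k, h in HEADINGS.items() if h in line), None)):
            section = key
        elif section == "filtered":
            m = re.match(r"Filtering:\s*(.+)", line)
            if m and gpo:                  # reason line for the GPO just seen
                report["filtered"][gpo] = m.group(1)
            else:                          # a new filtered GPO name
                gpo = line
                report["filtered"][gpo] = ""
        elif section:
            report[section].append(line)
    return report

def permission_suspects(report):
    """GPOs filtered for an unknown reason, each paired with the computer's
    groups whose read/apply permission on that GPO should be checked."""
    return {g: report["groups"] for g, why in report["filtered"].items()
            if "Unknown Reason" in why}
```
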